{"info":{"_postman_id":"13dd02af-9871-4f95-a5d1-d715dd0afd28","name":"SecurityLab-API","description":"<html><head></head><body><img src=\"https://content.pstmn.io/45b2d6d1-bc41-49b8-a3f4-3ac6ec713d8e/c2VjbGFiX2Jhbm5lci5QTkc=\">\n\n<blockquote>\n<p>Author: Daniele Bertocchi [<a href=\"https://mailto:daniele.bertocchi@faactechnologies.com\">daniele.bertocchi@faactechnologies.com</a>]<br>Author: Patrick Montanari [<a href=\"https://mailto:patrick.montanari@faactecnologies.com\">patrick.montanari@faactecnologies.com</a>] </p>\n</blockquote>\n<h1 id=\"sbom-api-endpoints-reference\">SBOM API Endpoints Reference</h1>\n<p>This document lists all the API endpoints related to the <strong>products-sbom-vulnerability-scanner</strong> service, including component management, vulnerability scanning, AI enrichment, and reporting.</p>\n<h2 id=\"base-url\">Base URL</h2>\n<p>All endpoints are relative to: <code>http://:/</code> (e.g., <code>http://127.0.0.1:2999/</code>)</p>\n<h2 id=\"authentication\">Authentication</h2>\n<p>All endpoints require a valid <strong>Bearer Token</strong> in the <code>Authorization</code> header.<br>Authorized roles vary depending on the endpoint (typically <code>admin</code>, <code>secops</code>, <code>user</code>).</p>\n<hr>\n<h2 id=\"1-sbom-and-component-management-parking\">1. SBOM and Component Management (Parking)</h2>\n<p>These endpoints manage the registry of components extracted from the original SBOM files for the Parking sector.</p>\n<h3 id=\"import-sbom-data\">Import SBOM Data</h3>\n<p>Starts the process of importing components from the configured SBOM files into the database.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/import</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>POST</code></p>\n</li>\n<li><p><strong>Roles</strong>: <code>admin</code>, <code>supervisor</code>, <code>applicationServices</code>, <code>secOps</code></p>\n</li>\n</ul>\n<h3 id=\"get-component-count\">Get Component Count</h3>\n<p>Returns the total number of components imported for a specific product or globally.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/stats/count/{productName}</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n<li><p><strong>Path Parameters</strong>: <code>productName</code> (optional: <code>jbl</code>, <code>jms</code>, or <code>janus-aggregator</code>)</p>\n</li>\n</ul>\n<h3 id=\"get-build-version\">Get Build Version</h3>\n<p>Returns the build version specified in the product's SBOM.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/stats/version/{productName}</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<h3 id=\"get-cyclonedx-tool-info\">Get CycloneDx Tool Info</h3>\n<p>Returns information about the format and tool (CycloneDx) used to generate the SBOM.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/stats/tool/{productName}</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<h3 id=\"get-aggregated-stats\">Get Aggregated Stats</h3>\n<p>Returns an aggregated object containing count, version, and tool information in a single call.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/stats/{productName}</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<h3 id=\"get-all-components\">Get All Components</h3>\n<p>Returns the full list of registered components with their metadata (group, version, type, description).</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/components/{productName}</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<hr>\n<h2 id=\"2-vulnerability-scanner-analysis-and-enrichment\">2. Vulnerability Scanner (Analysis and Enrichment)</h2>\n<h3 id=\"run-sbom-scan\">Run SBOM Scan</h3>\n<p>Starts the vulnerability scan for one or more SBOM profiles. The service queries internal databases to find CVEs associated with component CPEs.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom-scanner</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>POST</code></p>\n</li>\n<li><p><strong>Body</strong>: Single configuration object or an Array of configurations (for batch scans).</p>\n</li>\n<li><p><strong>Main Parameters</strong>: <code>name</code> (e.g., \"jbl\"), <code>enrichment</code> (\"internal\", \"complete\", \"none\"), <code>saveToDatabase</code> (boolean).</p>\n</li>\n</ul>\n<h3 id=\"ai-enrichment\">AI Enrichment</h3>\n<p>Performs intelligent enrichment of discovered vulnerabilities using Artificial Intelligence (LLM) models.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom-scanner/enrichment</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>POST</code></p>\n</li>\n<li><p><strong>Body</strong>: Requires <code>reportId</code> (to enrich an entire report) or <code>cveIds</code> (for a specific list of CVEs). You can override the <code>llm</code> configuration (provider, model, apiKey).</p>\n</li>\n</ul>\n<hr>\n<h2 id=\"3-scan-reports-sbom-reports\">3. Scan Reports (SBOM Reports)</h2>\n<h3 id=\"list-reports\">List Reports</h3>\n<p>Retrieves the chronological list of saved scan reports, with support for pagination and filters.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom-reports</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n<li><p><strong>Query Params</strong>: <code>page</code>, <code>pageSize</code>, <code>productName</code>, <code>enrichmentMode</code>, <code>fromDate</code>.</p>\n</li>\n</ul>\n<h3 id=\"get-report-details\">Get Report Details</h3>\n<p>Retrieves the complete detail of a scan report, including the list of all vulnerabilities and enrichment data (EPSS, CISA KEV, EUVD, AI).</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom-reports/{id}</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n<li><p><strong>Path Parameters</strong>: <code>id</code> (Unique ID of the report).</p>\n</li>\n</ul>\n<h3 id=\"dashboard-aggregate-stats\">Dashboard Aggregate Stats</h3>\n<p>Returns aggregate statistics on SBOM reports for dashboard visualization (total scans, average vulnerabilities, etc.).</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom-reports/stats/dashboard</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n<li><p><strong>Query Params</strong>: <code>productName</code> (optional), <code>days</code> (default 30).</p>\n</li>\n</ul>\n<hr>\n<h2 id=\"4-vulnerability-statistics-dashboard-ui\">4. Vulnerability Statistics (Dashboard UI)</h2>\n<p>These endpoints provide aggregated data ready to be displayed in dashboard charts and tables. They support filtering via the <code>productName</code> query parameter.</p>\n<h3 id=\"total-vulnerabilities-count\">Total Vulnerabilities Count</h3>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/vulnerabilities/total</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<h3 id=\"vulnerabilities-by-severity\">Vulnerabilities by Severity</h3>\n<p>Count of vulnerabilities broken down by severity (Critical, High, Medium, Low, Unknown).</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/vulnerabilities/severity</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<h3 id=\"components-scanned-count\">Components Scanned Count</h3>\n<p>Number of components actually analyzed during the scanning process.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/vulnerabilities/components-scanned</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<h3 id=\"severity-distribution-histogram\">Severity Distribution (Histogram)</h3>\n<p>Distribution of vulnerabilities grouped by CVSS score with intervals of 0.5 points.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/vulnerabilities/distribution</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<h3 id=\"vulnerability-matrix\">Vulnerability Matrix</h3>\n<p>Average CVSS scores and total number of CVEs for each component of the product.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/vulnerabilities/matrix</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<h3 id=\"detailed-scores\">Detailed Scores</h3>\n<p>Exact count of vulnerabilities for each specific CVSS score (e.g., 9.8, 7.5).</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/vulnerabilities/score-detailed</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<hr>\n<h2 id=\"5-network-graph-visualization\">5. Network Graph Visualization</h2>\n<h3 id=\"graph-nodes\">Graph Nodes</h3>\n<p>Returns all unique nodes (Components and CVEs) for the graph representation.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/network-graph/nodes</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n</ul>\n<h3 id=\"graph-links\">Graph Links</h3>\n<p>Returns the relationships (links) between components and their related vulnerabilities, including severity and score.</p>\n<ul>\n<li><p><strong>URL</strong>: <code>/sbom/parking/network-graph/links</code></p>\n</li>\n<li><p><strong>Method</strong>: <code>GET</code></p>\n</li>\n<li><p><strong>Query Params</strong>: <code>productName</code> (optional).</p>\n</li>\n</ul>\n</body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[{"content":"SBOM API Endpoints Reference","slug":"sbom-api-endpoints-reference"}],"owner":"9809022","collectionId":"13dd02af-9871-4f95-a5d1-d715dd0afd28","publishedId":"2sAXxV5pNQ","public":true,"customColor":{"top-bar":"222e3c","right-sidebar":"303030","highlight":"00bfb4"},"publishDate":"2025-07-07T11:17:42.000Z"},"item":[{"name":"Database Backup","item":[{"name":"SecurityLab API: DB Backups","id":"07f34e56-9541-4ee2-8aad-979ebda1aaf9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/backupList","urlObject":{"port":"2999","path":["backupList"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"07f34e56-9541-4ee2-8aad-979ebda1aaf9"},{"name":"SecurityLab API: Instant Backup","id":"f778b984-4c27-4897-afda-b09e9578688f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/instantBackup","urlObject":{"port":"2999","path":["instantBackup"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"f778b984-4c27-4897-afda-b09e9578688f"}],"id":"d8d4a855-4ca0-44d7-bbf4-52be412d2e0c","_postman_id":"d8d4a855-4ca0-44d7-bbf4-52be412d2e0c","description":""},{"name":"Telegram","item":[{"name":"telegram notify","id":"71f80003-1f01-4e33-b952-15b24f76bbc5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"https://api.telegram.org/bot7696771019:AAEwjYnHe3YWU9I0Y-LAvDkl5udVWnpJ6l4/getChat?chat_id=@dbe_securitylab","urlObject":{"protocol":"https","path":["bot7696771019:AAEwjYnHe3YWU9I0Y-LAvDkl5udVWnpJ6l4","getChat"],"host":["api","telegram","org"],"query":[{"key":"chat_id","value":"@dbe_securitylab"}],"variable":[]}},"response":[],"_postman_id":"71f80003-1f01-4e33-b952-15b24f76bbc5"}],"id":"29530807-6a5e-432c-a3ce-ebfc5f1b5efa","_postman_id":"29530807-6a5e-432c-a3ce-ebfc5f1b5efa","description":""},{"name":"Database","item":[{"name":"Faac Cortex Data: Endpoints","id":"2b9b9e5a-9a29-4e95-9a6e-70dfcfb62947","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/getSecDataCortexEndpoint","urlObject":{"port":"2999","path":["getSecDataCortexEndpoint"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"endpoint_name","value":""},{"disabled":true,"key":"cves","value":""},{"disabled":true,"key":"ip_address","value":""},{"disabled":true,"key":"mac_address","value":""},{"disabled":true,"key":"severity","value":""},{"disabled":true,"key":"severity_score","value":""},{"disabled":true,"key":"platform","value":""},{"disabled":true,"key":"endpoint_status","value":""},{"disabled":true,"key":"endpoint_type","value":""},{"disabled":true,"key":"operating_system","value":""},{"disabled":true,"key":"bit_version","value":""},{"disabled":true,"key":"os_version","value":""},{"disabled":true,"key":"kernel_version","value":""},{"disabled":true,"key":"last_reported_timestamp","value":""},{"disabled":true,"key":"last_calculated","value":""},{"disabled":true,"key":"host_insights","value":""},{"disabled":true,"key":"endpoint_groups","value":""},{"disabled":true,"key":"page","value":"1"},{"disabled":true,"key":"limit","value":"10"}],"variable":[]}},"response":[{"id":"486f4844-6fce-470a-9954-db31406e9563","name":"Faac Cortex Data: Endpoints","originalRequest":{"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":{"raw":"{{sl-host}}:2999/getSecDataCortexEndpoint?page=1&limit=1","host":["{{sl-host}}"],"port":"2999","path":["getSecDataCortexEndpoint"],"query":[{"key":"id","value":"","disabled":true},{"key":"endpoint_name","value":"","disabled":true},{"key":"cves","value":"","disabled":true},{"key":"ip_address","value":"","disabled":true},{"key":"mac_address","value":"","disabled":true},{"key":"severity","value":"","disabled":true},{"key":"severity_score","value":"","disabled":true},{"key":"platform","value":"","disabled":true},{"key":"endpoint_status","value":"","disabled":true},{"key":"endpoint_type","value":"","disabled":true},{"key":"operating_system","value":"","disabled":true},{"key":"bit_version","value":"","disabled":true},{"key":"os_version","value":"","disabled":true},{"key":"kernel_version","value":"","disabled":true},{"key":"last_reported_timestamp","value":"","disabled":true},{"key":"last_calculated","value":"","disabled":true},{"key":"host_insights","value":"","disabled":true},{"key":"endpoint_groups","value":"","disabled":true},{"key":"page","value":"1"},{"key":"limit","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"8766"},{"key":"ETag","value":"W/\"223e-bnWrNvcvP7TTWkc3xMyubmqWZzk\""},{"key":"Date","value":"Tue, 22 Apr 2025 12:45:31 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"[\n    {\n        \"id\": 35380,\n        \"endpoint_name\": \"FG-IT-NB-132\",\n        \"cves\": [\n            \"CVE-2024-9680, CVE-2024-9399, CVE-2024-9398, CVE-2024-9397, CVE-2024-9394, CVE-2024-9393, CVE-2024-8389, CVE-2024-8388, CVE-2024-8387, CVE-2024-8386, CVE-2024-8385, CVE-2024-8384, CVE-2024-8383, CVE-2024-8382, CVE-2024-8381, CVE-2024-7531, CVE-2024-7530, CVE-2024-7529, CVE-2024-7528, CVE-2024-7527, CVE-2024-7526, CVE-2024-7525, CVE-2024-7524, CVE-2024-7523, CVE-2024-7522, CVE-2024-7521, CVE-2024-7520, CVE-2024-7519, CVE-2024-7518, CVE-2024-6610, CVE-2024-6609, CVE-2024-6608, CVE-2024-6197, CVE-2024-5698, CVE-2024-5697, CVE-2024-5695, CVE-2024-5694, CVE-2024-5691, CVE-2024-5690, CVE-2024-5689, CVE-2024-43616, CVE-2024-43615, CVE-2024-43609, CVE-2024-43599, CVE-2024-43590, CVE-2024-43585, CVE-2024-43583, CVE-2024-43582, CVE-2024-43581, CVE-2024-43576, CVE-2024-43574, CVE-2024-43573, CVE-2024-43572, CVE-2024-43570, CVE-2024-43565, CVE-2024-43563, CVE-2024-43562, CVE-2024-43561, CVE-2024-43560, CVE-2024-43559, CVE-2024-43558, CVE-2024-43557, CVE-2024-43556, CVE-2024-43555, CVE-2024-43554, CVE-2024-43553, CVE-2024-43551, CVE-2024-43550, CVE-2024-43547, CVE-2024-43546, CVE-2024-43543, CVE-2024-43542, CVE-2024-43540, CVE-2024-43538, CVE-2024-43537, CVE-2024-43536, CVE-2024-43535, CVE-2024-43534, CVE-2024-43532, CVE-2024-43529, CVE-2024-43528, CVE-2024-43526, CVE-2024-43525, CVE-2024-43524, CVE-2024-43523, CVE-2024-43520, CVE-2024-43519, CVE-2024-43518, CVE-2024-43517, CVE-2024-43516, CVE-2024-43515, CVE-2024-43514, CVE-2024-43513, CVE-2024-43511, CVE-2024-43509, CVE-2024-43506, CVE-2024-43505, CVE-2024-43504, CVE-2024-43502, CVE-2024-43501, CVE-2024-43487, CVE-2024-43485, CVE-2024-43484, CVE-2024-43483, CVE-2024-43461, CVE-2024-38257, CVE-2024-38256, CVE-2024-38254, CVE-2024-38252, CVE-2024-38250, CVE-2024-38249, CVE-2024-38248, CVE-2024-38247, CVE-2024-38246, CVE-2024-38245, CVE-2024-38244, CVE-2024-38243, CVE-2024-38242, CVE-2024-38241, CVE-2024-38240, CVE-2024-38239, CVE-2024-38238, CVE-2024-38237, CVE-2024-38235, CVE-2024-38234, CVE-2024-38217, CVE-2024-38202, CVE-2024-38149, CVE-2024-38119, CVE-2024-38095, CVE-2024-38081, CVE-2024-38046, CVE-2024-38045, CVE-2024-38014, CVE-2024-37983, CVE-2024-37982, CVE-2024-37976, CVE-2024-30092, CVE-2024-30073, CVE-2024-21416, CVE-2024-21409, CVE-2024-20672, CVE-2024-20659, CVE-2024-10468, CVE-2024-10467, CVE-2024-10466, CVE-2024-10465, CVE-2024-10464, CVE-2024-10463, CVE-2024-10462, CVE-2024-10461, CVE-2024-10460, CVE-2024-10459, CVE-2024-10458, CVE-2024-0755, CVE-2024-0754, CVE-2024-0753, CVE-2024-0752, CVE-2024-0751, CVE-2024-0750, CVE-2024-0749, CVE-2024-0748, CVE-2024-0747, CVE-2024-0746, CVE-2024-0745, CVE-2024-0744, CVE-2024-0743, CVE-2024-0742, CVE-2024-0741, CVE-2023-6873, CVE-2023-6872, CVE-2023-6871, CVE-2023-6870, CVE-2023-6869, CVE-2023-6868, CVE-2023-6867, CVE-2023-6866, CVE-2023-6865, CVE-2023-6864, CVE-2023-6863, CVE-2023-6861, CVE-2023-6860, CVE-2023-6859, CVE-2023-6858, CVE-2023-6857, CVE-2023-6856, CVE-2023-6213, CVE-2023-6212, CVE-2023-6211, CVE-2023-6210, CVE-2023-6209, CVE-2023-6208, CVE-2023-6207, CVE-2023-6206, CVE-2023-6205, CVE-2023-6204, CVE-2023-6135, CVE-2023-5731, CVE-2023-5730, CVE-2023-5729, CVE-2023-5728, CVE-2023-5727, CVE-2023-5726, CVE-2023-5725, CVE-2023-5724, CVE-2023-5723, CVE-2023-5722, CVE-2023-5721, CVE-2023-5217, CVE-2023-5176, CVE-2023-5175, CVE-2023-5174, CVE-2023-5173, CVE-2023-5172, CVE-2023-5171, CVE-2023-5170, CVE-2023-5169, CVE-2023-5168, CVE-2023-4863, CVE-2023-4585, CVE-2023-4584, CVE-2023-4583, CVE-2023-4582, CVE-2023-4581, CVE-2023-4580, CVE-2023-4579, CVE-2023-4578, CVE-2023-4577, CVE-2023-4576, CVE-2023-4575, CVE-2023-4574, CVE-2023-4573, CVE-2023-4058, CVE-2023-4057, CVE-2023-4056, CVE-2023-4055, CVE-2023-4054, CVE-2023-4053, CVE-2023-4052, CVE-2023-4051, CVE-2023-4050, CVE-2023-4049, CVE-2023-4048, CVE-2023-4047, CVE-2023-4046, CVE-2023-4045, CVE-2023-40166, CVE-2023-40164, CVE-2023-40036, CVE-2023-40031, CVE-2023-37212, CVE-2023-37211, CVE-2023-37210, CVE-2023-37209, CVE-2023-37208, CVE-2023-37207, CVE-2023-37206, CVE-2023-37205, CVE-2023-37204, CVE-2023-37203, CVE-2023-37202, CVE-2023-37201, CVE-2023-3482, CVE-2023-34417, CVE-2023-34416, CVE-2023-34415, CVE-2023-34414, CVE-2023-32216, CVE-2023-32215, CVE-2023-32214, CVE-2023-32213, CVE-2023-32212, CVE-2023-32211, CVE-2023-32210, CVE-2023-32209, CVE-2023-32208, CVE-2023-32207, CVE-2023-32206, CVE-2023-32205, CVE-2023-31102, CVE-2023-29551, CVE-2023-29550, CVE-2023-29549, CVE-2023-29548, CVE-2023-29547, CVE-2023-29546, CVE-2023-29545, CVE-2023-29544, CVE-2023-29543, CVE-2023-29542, CVE-2023-29541, CVE-2023-29540, CVE-2023-29539, CVE-2023-29538, CVE-2023-29537, CVE-2023-29536, CVE-2023-29535, CVE-2023-29534, CVE-2023-29533, CVE-2023-29532, CVE-2023-29531, CVE-2023-29330, CVE-2023-29328, CVE-2023-28177, CVE-2023-28176, CVE-2023-28164, CVE-2023-28163, CVE-2023-28162, CVE-2023-28161, CVE-2023-28160, CVE-2023-28159, CVE-2023-25752, CVE-2023-25751, CVE-2023-25750, CVE-2023-25749, CVE-2023-25748, CVE-2023-25745, CVE-2023-25744, CVE-2023-25743, CVE-2023-25742, CVE-2023-25741, CVE-2023-25740, CVE-2023-25739, CVE-2023-25738, CVE-2023-25737, CVE-2023-25736, CVE-2023-25735, CVE-2023-25734, CVE-2023-25733, CVE-2023-25732, CVE-2023-25731, CVE-2023-25730, CVE-2023-25729, CVE-2023-25728, CVE-2023-23606, CVE-2023-23605, CVE-2023-23604, CVE-2023-23603, CVE-2023-23602, CVE-2023-23601, CVE-2023-23600, CVE-2023-23599, CVE-2023-23598, CVE-2023-23597, CVE-2023-0767, CVE-2022-46879, CVE-2022-46878, CVE-2022-46877, CVE-2022-46875, CVE-2022-46874, CVE-2022-46873, CVE-2022-46872, CVE-2022-46871, CVE-2022-45421, CVE-2022-45420, CVE-2022-45419, CVE-2022-45418, CVE-2022-45417, CVE-2022-45416, CVE-2022-45415, CVE-2022-45413, CVE-2022-45412, CVE-2022-45411, CVE-2022-45410, CVE-2022-45409, CVE-2022-45408, CVE-2022-45407, CVE-2022-45406, CVE-2022-45405, CVE-2022-45404, CVE-2022-45403, CVE-2022-42932, CVE-2022-42931, CVE-2022-42930, CVE-2022-42929, CVE-2022-42928, CVE-2022-42927, CVE-2022-40962, CVE-2022-40960, CVE-2022-40959, CVE-2022-40958, CVE-2022-40957, CVE-2022-40956, CVE-2022-40674, CVE-2022-38478, CVE-2022-38477, CVE-2022-38475, CVE-2022-38474, CVE-2022-38473, CVE-2022-38472, CVE-2022-36320, CVE-2022-36319, CVE-2022-36318, CVE-2022-36317, CVE-2022-36316, CVE-2022-36315, CVE-2022-36314, CVE-2022-34485, CVE-2022-34484, CVE-2022-34483, CVE-2022-34482, CVE-2022-34481, CVE-2022-34480, CVE-2022-34479, CVE-2022-34478, CVE-2022-34477, CVE-2022-34476, CVE-2022-34475, CVE-2022-34474, CVE-2022-34473, CVE-2022-34472, CVE-2022-34471, CVE-2022-34470, CVE-2022-34469, CVE-2022-34468, CVE-2022-31902, CVE-2022-31901, CVE-2022-31748, CVE-2022-31747, CVE-2022-31745, CVE-2022-31744, CVE-2022-31743, CVE-2022-31742, CVE-2022-31741, CVE-2022-31740, CVE-2022-31739, CVE-2022-31738, CVE-2022-31737, CVE-2022-31736, CVE-2022-29918, CVE-2022-29917, CVE-2022-29916, CVE-2022-29915, CVE-2022-29914, CVE-2022-29912, CVE-2022-29911, CVE-2022-29910, CVE-2022-29909, CVE-2022-29072, CVE-2022-28289, CVE-2022-28288, CVE-2022-28287, CVE-2022-28286, CVE-2022-28285, CVE-2022-28284, CVE-2022-28283, CVE-2022-28282, CVE-2022-28281, CVE-2022-26486, CVE-2022-26485, CVE-2022-26387, CVE-2022-26385, CVE-2022-26384, CVE-2022-26383, CVE-2022-26382, CVE-2022-26381, CVE-2022-2505, CVE-2022-24713, CVE-2022-22764, CVE-2022-22762, CVE-2022-22761, CVE-2022-22760, CVE-2022-22759, CVE-2022-22758, CVE-2022-22757, CVE-2022-22756, CVE-2022-22755, CVE-2022-22754, CVE-2022-22753, CVE-2022-22752, CVE-2022-22751, CVE-2022-22750, CVE-2022-22749, CVE-2022-22748, CVE-2022-22747, CVE-2022-22746, CVE-2022-22745, CVE-2022-22744, CVE-2022-22743, CVE-2022-22742, CVE-2022-22741, CVE-2022-22740, CVE-2022-22739, CVE-2022-22738, CVE-2022-22737, CVE-2022-22736, CVE-2022-2200, CVE-2022-1919, CVE-2022-1802, CVE-2022-1529, CVE-2022-1097, CVE-2022-0843, CVE-2022-0511, CVE-2021-43546, CVE-2021-43545, CVE-2021-43544, CVE-2021-43543, CVE-2021-43542, CVE-2021-43541, CVE-2021-43540, CVE-2021-43539, CVE-2021-43538, CVE-2021-43537, CVE-2021-43536, CVE-2021-4140, CVE-2021-38510, CVE-2021-38509, CVE-2021-38508, CVE-2021-38507, CVE-2021-38506, CVE-2021-38505, CVE-2021-38504, CVE-2021-38503, CVE-2021-38501, CVE-2021-38500, CVE-2021-38499, CVE-2021-38498, CVE-2021-38497, CVE-2021-38496, CVE-2021-38494, CVE-2021-38493, CVE-2021-38492, CVE-2021-38491, CVE-2021-32810, CVE-2021-29993\"\n        ],\n        \"ip_address\": [\n            \"10.230.0.106\",\n            \"192.168.1.137\"\n        ],\n        \"mac_address\": [\n            \"02:50:41:00:00:01\",\n            \"98:43:fa:f6:87:95\"\n        ],\n        \"severity\": \"Critical\",\n        \"severity_score\": 10,\n        \"platform\": \"Windows\",\n        \"endpoint_status\": \"Connected\",\n        \"endpoint_type\": \"Workstation\",\n        \"operating_system\": \"Windows 10\",\n        \"bit_version\": \"x64\",\n        \"os_version\": \"10.0.19045\",\n        \"kernel_version\": null,\n        \"last_reported_timestamp\": null,\n        \"last_calculated\": null,\n        \"host_insights\": \"Enabled\",\n        \"endpoint_groups\": \"Faacspa Domain, NewComputers\"\n    }\n]"}],"_postman_id":"2b9b9e5a-9a29-4e95-9a6e-70dfcfb62947"},{"name":"Cves Nist: Endpoints","id":"8eb8f485-e8c7-4db0-b055-a019ac5fa85a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/getCveData","urlObject":{"port":"2999","path":["getCveData"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"description","value":""},{"disabled":true,"key":"severity","value":""},{"disabled":true,"key":"published_date","value":""},{"disabled":true,"key":"last_modified_date","value":""},{"disabled":true,"key":"cve_references","value":""},{"disabled":true,"key":"severity_score","value":""},{"disabled":true,"key":"cvss_score","value":""},{"disabled":true,"key":"cvss_vector","value":""},{"disabled":true,"key":"affected_products","value":""},{"disabled":true,"key":"created_at","value":""},{"disabled":true,"key":"updated_at","value":""},{"disabled":true,"key":"kernel_version","value":""},{"disabled":true,"key":"last_reported_timestamp","value":""},{"disabled":true,"key":"page","value":null},{"disabled":true,"key":"limit","value":null}],"variable":[]}},"response":[{"id":"84df9ddb-d0c1-4bbc-a377-e6807fdf61c8","name":"Cves Nist: Endpoints","originalRequest":{"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":{"raw":"{{sl-host}}:2999/getCveData?page=1&limit=1","host":["{{sl-host}}"],"port":"2999","path":["getCveData"],"query":[{"key":"id","value":"","disabled":true},{"key":"description","value":"","disabled":true},{"key":"severity","value":"","disabled":true},{"key":"published_date","value":"","disabled":true},{"key":"last_modified_date","value":"","disabled":true},{"key":"cve_references","value":"","disabled":true},{"key":"severity_score","value":"","disabled":true},{"key":"cvss_score","value":"","disabled":true},{"key":"cvss_vector","value":"","disabled":true},{"key":"affected_products","value":"","disabled":true},{"key":"created_at","value":"","disabled":true},{"key":"updated_at","value":"","disabled":true},{"key":"kernel_version","value":"","disabled":true},{"key":"last_reported_timestamp","value":"","disabled":true},{"key":"page","value":"1"},{"key":"limit","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"1271"},{"key":"ETag","value":"W/\"4f7-HbHKIZXdJ3sim21IsaHYrsmLBGs\""},{"key":"Date","value":"Tue, 22 Apr 2025 12:45:35 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"[\n    {\n        \"id\": \"CVE-2025-2257\",\n        \"description\": \"The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.\",\n        \"severity\": \"HIGH\",\n        \"published_date\": \"2025-03-26T08:15:16.647Z\",\n        \"last_modified_date\": \"2025-03-26T08:15:16.647Z\",\n        \"cve_references\": [\n            \"https://github.com/BoldGrid/boldgrid-backup/pull/622/files\",\n            \"https://plugins.svn.wordpress.org/boldgrid-backup/tags/1.16.7/admin/compressor/class-boldgrid-backup-admin-compressor-system-zip.php\",\n            \"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257988%40boldgrid-backup&new=3257988%40boldgrid-backup&sfp_email=&sfph_mail=#file9\",\n            \"https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec3cc3e-c11b-43b6-9dd0-caa5ccfb90c8?source=cve\"\n        ],\n        \"cvss_score\": \"7.2\",\n        \"cvss_vector\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\n        \"affected_products\": [],\n        \"created_at\": \"2025-03-26T09:30:52.193Z\",\n        \"updated_at\": \"2025-03-26T10:11:30.161Z\"\n    }\n]"}],"_postman_id":"8eb8f485-e8c7-4db0-b055-a019ac5fa85a"},{"name":"Cves Nist: Top Daily","id":"ccb0b2f3-4ca4-481d-9ffb-8c3ed0d6738c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/topDailyCVEs","urlObject":{"port":"2999","path":["topDailyCVEs"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"description","value":""},{"disabled":true,"key":"severity","value":""},{"disabled":true,"key":"published_date","value":""},{"disabled":true,"key":"last_modified_date","value":""},{"disabled":true,"key":"cve_references","value":""},{"disabled":true,"key":"severity_score","value":""},{"disabled":true,"key":"cvss_score","value":""},{"disabled":true,"key":"cvss_vector","value":""},{"disabled":true,"key":"affected_products","value":""},{"disabled":true,"key":"created_at","value":""},{"disabled":true,"key":"updated_at","value":""},{"disabled":true,"key":"kernel_version","value":""},{"disabled":true,"key":"last_reported_timestamp","value":""},{"disabled":true,"key":"page","value":null},{"disabled":true,"key":"limit","value":null}],"variable":[]}},"response":[],"_postman_id":"ccb0b2f3-4ca4-481d-9ffb-8c3ed0d6738c"},{"name":"Cves Nist: Endpoints Copy","id":"8f14683f-fec7-4b8b-9e2c-218816ba9d14","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/getCveData?page=2&limit=10","urlObject":{"port":"2999","path":["getCveData"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"description","value":""},{"disabled":true,"key":"severity","value":""},{"disabled":true,"key":"published_date","value":""},{"disabled":true,"key":"last_modified_date","value":""},{"disabled":true,"key":"cve_references","value":""},{"disabled":true,"key":"severity_score","value":""},{"disabled":true,"key":"cvss_score","value":""},{"disabled":true,"key":"cvss_vector","value":""},{"disabled":true,"key":"affected_products","value":""},{"disabled":true,"key":"created_at","value":""},{"disabled":true,"key":"updated_at","value":""},{"disabled":true,"key":"kernel_version","value":""},{"disabled":true,"key":"last_reported_timestamp","value":""},{"key":"page","value":"2"},{"key":"limit","value":"10"}],"variable":[]}},"response":[{"id":"52c6b720-5af3-415c-9a16-3851a52ac959","name":"Cves Nist: Endpoints","originalRequest":{"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":{"raw":"{{sl-host}}:2999/getCveData?page=1&limit=1","host":["{{sl-host}}"],"port":"2999","path":["getCveData"],"query":[{"key":"id","value":"","disabled":true},{"key":"description","value":"","disabled":true},{"key":"severity","value":"","disabled":true},{"key":"published_date","value":"","disabled":true},{"key":"last_modified_date","value":"","disabled":true},{"key":"cve_references","value":"","disabled":true},{"key":"severity_score","value":"","disabled":true},{"key":"cvss_score","value":"","disabled":true},{"key":"cvss_vector","value":"","disabled":true},{"key":"affected_products","value":"","disabled":true},{"key":"created_at","value":"","disabled":true},{"key":"updated_at","value":"","disabled":true},{"key":"kernel_version","value":"","disabled":true},{"key":"last_reported_timestamp","value":"","disabled":true},{"key":"page","value":"1"},{"key":"limit","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"1271"},{"key":"ETag","value":"W/\"4f7-HbHKIZXdJ3sim21IsaHYrsmLBGs\""},{"key":"Date","value":"Tue, 22 Apr 2025 12:45:35 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"[\n    {\n        \"id\": \"CVE-2025-2257\",\n        \"description\": \"The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.\",\n        \"severity\": \"HIGH\",\n        \"published_date\": \"2025-03-26T08:15:16.647Z\",\n        \"last_modified_date\": \"2025-03-26T08:15:16.647Z\",\n        \"cve_references\": [\n            \"https://github.com/BoldGrid/boldgrid-backup/pull/622/files\",\n            \"https://plugins.svn.wordpress.org/boldgrid-backup/tags/1.16.7/admin/compressor/class-boldgrid-backup-admin-compressor-system-zip.php\",\n            \"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257988%40boldgrid-backup&new=3257988%40boldgrid-backup&sfp_email=&sfph_mail=#file9\",\n            \"https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec3cc3e-c11b-43b6-9dd0-caa5ccfb90c8?source=cve\"\n        ],\n        \"cvss_score\": \"7.2\",\n        \"cvss_vector\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\n        \"affected_products\": [],\n        \"created_at\": \"2025-03-26T09:30:52.193Z\",\n        \"updated_at\": \"2025-03-26T10:11:30.161Z\"\n    }\n]"}],"_postman_id":"8f14683f-fec7-4b8b-9e2c-218816ba9d14"},{"name":"JBL Top 10 Vulnerability","id":"c2a8c24a-ac27-4aa4-96b7-9a28e0cdf968","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/jblTop10","urlObject":{"port":"2999","path":["jblTop10"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"username","value":""},{"disabled":true,"key":"userdomain","value":""},{"disabled":true,"key":"ip_address","value":""},{"disabled":true,"key":"ip_location","value":""},{"disabled":true,"key":"manufacturer","value":""},{"disabled":true,"key":"model","value":""},{"disabled":true,"key":"os","value":""},{"disabled":true,"key":"sp","value":""},{"disabled":true,"key":"created_at","value":""},{"disabled":true,"key":"last_successful_scan","value":""},{"disabled":true,"key":"last_scan_attempt","value":""},{"disabled":true,"key":"softwarelist","value":""},{"disabled":true,"key":"page","value":"1"},{"disabled":true,"key":"limit","value":"10"}],"variable":[]}},"response":[],"_postman_id":"c2a8c24a-ac27-4aa4-96b7-9a28e0cdf968"},{"name":"Faac Software Inventory Copy","id":"7fb6239f-70c9-447c-9598-b44ffd979735","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/getSoftwareInventory","urlObject":{"port":"2999","path":["getSoftwareInventory"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"username","value":""},{"disabled":true,"key":"userdomain","value":""},{"disabled":true,"key":"ip_address","value":""},{"disabled":true,"key":"ip_location","value":""},{"disabled":true,"key":"manufacturer","value":""},{"disabled":true,"key":"model","value":""},{"disabled":true,"key":"os","value":""},{"disabled":true,"key":"sp","value":""},{"disabled":true,"key":"created_at","value":""},{"disabled":true,"key":"last_successful_scan","value":""},{"disabled":true,"key":"last_scan_attempt","value":""},{"disabled":true,"key":"softwarelist","value":""},{"disabled":true,"key":"page","value":"1"},{"disabled":true,"key":"limit","value":"10"}],"variable":[]}},"response":[],"_postman_id":"7fb6239f-70c9-447c-9598-b44ffd979735"}],"id":"d75e3e20-f350-426c-b42b-c8b93113c3e4","description":"<p>*<em>api: *</em> <code>/getSecDataCortexEndpoint</code></p>\n<p>*<em>parameters: *</em></p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><strong>parameter list</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>id</td>\n</tr>\n<tr>\n<td>endpoint_name</td>\n</tr>\n<tr>\n<td>severity</td>\n</tr>\n<tr>\n<td>platform</td>\n</tr>\n<tr>\n<td>endpoint_status</td>\n</tr>\n<tr>\n<td>endpoint_type</td>\n</tr>\n<tr>\n<td>operating_system</td>\n</tr>\n<tr>\n<td>bit_version</td>\n</tr>\n<tr>\n<td>os_version</td>\n</tr>\n<tr>\n<td>kernel_version</td>\n</tr>\n<tr>\n<td>last_reported_timestamp</td>\n</tr>\n<tr>\n<td>last_calculated</td>\n</tr>\n<tr>\n<td>host_insights</td>\n</tr>\n<tr>\n<td>endpoint_groups</td>\n</tr>\n</tbody>\n</table>\n</div>","_postman_id":"d75e3e20-f350-426c-b42b-c8b93113c3e4"},{"name":"Faac Security Data","item":[{"name":"Convert Cortex Reports","id":"8db1a983-fa9b-4e25-af13-509e6ab55539","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/convertCortex","urlObject":{"port":"2999","path":["convertCortex"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"8db1a983-fa9b-4e25-af13-509e6ab55539"},{"name":"Cortex Data Import","id":"15dc4284-386d-4cc3-945e-69226bd39ff7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/import","urlObject":{"port":"2999","path":["import"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"15dc4284-386d-4cc3-945e-69226bd39ff7"},{"name":"Software Inventory (lansweeper) Import","id":"e16cc636-b32a-4ab6-9942-69fffe99cbaa","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/softwareInventoryImport","urlObject":{"port":"2999","path":["softwareInventoryImport"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"e16cc636-b32a-4ab6-9942-69fffe99cbaa"},{"name":"Data Exporter: Csirt-Nist-IpMap","id":"f93dc7af-d072-4da4-ad89-369f37f4df85","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/export","urlObject":{"port":"2999","path":["export"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"f93dc7af-d072-4da4-ad89-369f37f4df85"}],"id":"598e8c28-abaa-44d0-82dd-23e620647bcf","description":"<p>*<em>api: *</em> <code>/getSecDataCortexEndpoint</code></p>\n<p>*<em>parameters: *</em></p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><strong>parameter list</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>id</td>\n</tr>\n<tr>\n<td>endpoint_name</td>\n</tr>\n<tr>\n<td>severity</td>\n</tr>\n<tr>\n<td>platform</td>\n</tr>\n<tr>\n<td>endpoint_status</td>\n</tr>\n<tr>\n<td>endpoint_type</td>\n</tr>\n<tr>\n<td>operating_system</td>\n</tr>\n<tr>\n<td>bit_version</td>\n</tr>\n<tr>\n<td>os_version</td>\n</tr>\n<tr>\n<td>kernel_version</td>\n</tr>\n<tr>\n<td>last_reported_timestamp</td>\n</tr>\n<tr>\n<td>last_calculated</td>\n</tr>\n<tr>\n<td>host_insights</td>\n</tr>\n<tr>\n<td>endpoint_groups</td>\n</tr>\n</tbody>\n</table>\n</div>","_postman_id":"598e8c28-abaa-44d0-82dd-23e620647bcf"},{"name":"Cves","item":[{"name":"Data Consultant","item":[{"name":"GetCveData","id":"8dd3b5d6-0694-40de-8eaf-7663a44f5cd4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/getCveData","urlObject":{"port":"2999","path":["getCveData"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"8dd3b5d6-0694-40de-8eaf-7663a44f5cd4"},{"name":"Top Daily Cves","id":"cfc91dce-19e6-404c-88a3-92e8ab213bab","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/getCveData","urlObject":{"port":"2999","path":["getCveData"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"cfc91dce-19e6-404c-88a3-92e8ab213bab"},{"name":"Severity Counts","id":"153fe05e-1f23-4bf0-a303-bea5df976783","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/getSeverityCounts","urlObject":{"port":"2999","path":["getSeverityCounts"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"153fe05e-1f23-4bf0-a303-bea5df976783"},{"name":"Year Counts","id":"e8783b4c-6903-4faf-9858-b0677cbd7b9a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/getYearCounts","urlObject":{"port":"2999","path":["getYearCounts"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"e8783b4c-6903-4faf-9858-b0677cbd7b9a"}],"id":"4ea0825a-6d71-48e5-90ee-3135aea00d89","_postman_id":"4ea0825a-6d71-48e5-90ee-3135aea00d89","description":""},{"name":"Data Import","item":[{"name":"CVES Nist Data Import","id":"ebeeccc8-d95d-4c08-a9d7-ed1df4415ca9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/nistcvesGetAndImport","urlObject":{"port":"2999","path":["nistcvesGetAndImport"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"ebeeccc8-d95d-4c08-a9d7-ed1df4415ca9"},{"name":"Euvd Full Import","id":"0a3de91d-81cd-4dda-b4a3-8f49a034ead6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"fromDate\": \"1970-12-08\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/euvdFullImport","urlObject":{"port":"2999","path":["euvdFullImport"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"0a3de91d-81cd-4dda-b4a3-8f49a034ead6"},{"name":"Incremental Import","id":"c268a665-f42c-4134-a578-cbb427c903e7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:{{sl-port}}/incrementalImport","urlObject":{"port":"{{sl-port}}","path":["incrementalImport"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"c268a665-f42c-4134-a578-cbb427c903e7"},{"name":"Force Full Import","id":"2a92e653-34b2-4220-8937-1e0187569eb7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/forceFullImport","urlObject":{"port":"2999","path":["forceFullImport"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"2a92e653-34b2-4220-8937-1e0187569eb7"},{"name":"Import With Date Range","id":"4e726121-bf88-4cc4-9101-f25445577bc7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/importWithDateRange","urlObject":{"port":"2999","path":["importWithDateRange"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"4e726121-bf88-4cc4-9101-f25445577bc7"}],"id":"fa56890a-d2f7-4fe0-8b23-53b861827785","_postman_id":"fa56890a-d2f7-4fe0-8b23-53b861827785","description":""},{"name":"Data Monitoring","item":[{"name":"Get Last Modification Date","id":"2ced66ef-3f49-4e42-8fb4-e344988cfc08","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/getLatestModificationDate","urlObject":{"port":"2999","path":["getLatestModificationDate"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"2ced66ef-3f49-4e42-8fb4-e344988cfc08"}],"id":"114b5295-2241-4615-8d61-309f8a770e01","_postman_id":"114b5295-2241-4615-8d61-309f8a770e01","description":""},{"name":"Internal","item":[{"name":"Cpe List","id":"30dd2271-236a-4fc9-ad43-2a53ec501bf3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/internalCpeList","urlObject":{"port":"2999","path":["internalCpeList"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"30dd2271-236a-4fc9-ad43-2a53ec501bf3"},{"name":"Epss List","id":"6b5eb2fc-f83d-4a65-bf44-552c4adf5dae","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/internalEpssList","urlObject":{"port":"2999","path":["internalEpssList"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"6b5eb2fc-f83d-4a65-bf44-552c4adf5dae"},{"name":"Cisa List","id":"2d1d3558-f0c8-4585-b375-797e64cadfc2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/internalCisaList","urlObject":{"port":"2999","path":["internalCisaList"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"2d1d3558-f0c8-4585-b375-797e64cadfc2"}],"id":"bf4a61dd-a44b-4772-b2f1-803b56270b7e","_postman_id":"bf4a61dd-a44b-4772-b2f1-803b56270b7e","description":""},{"name":"Enrichment","item":[{"name":"EUVD Full","id":"0701a0e7-c6b5-4616-b4f8-230c5e533adb","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"fromDate\": \"2025-12-10\",\r\n  \"toDate\": \"2026-01-30\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/euvdFullImport","urlObject":{"port":"2999","path":["euvdFullImport"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"0701a0e7-c6b5-4616-b4f8-230c5e533adb"},{"name":"EPSS Full","id":"12ab480e-24db-418a-a59d-6fca57547e84","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/enrichment/epss/full","urlObject":{"port":"2999","path":["enrichment","epss","full"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"12ab480e-24db-418a-a59d-6fca57547e84"},{"name":"EPSS Full Csv","id":"3c09c8f2-594f-4433-beee-1c3a4e755969","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/enrichment/epss/full-csv","urlObject":{"port":"2999","path":["enrichment","epss","full-csv"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"3c09c8f2-594f-4433-beee-1c3a4e755969"},{"name":"EPSS Incremental","id":"7d98a28f-e9ea-4744-8400-447d34cf9ca3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:{{sl-port}}/enrichment/epss/incremental","urlObject":{"port":"{{sl-port}}","path":["enrichment","epss","incremental"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"7d98a28f-e9ea-4744-8400-447d34cf9ca3"},{"name":"CISA Full Json","id":"138c4534-4405-41f9-8003-4d5a40b73b91","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/enrichment/cisa/full-json","urlObject":{"port":"2999","path":["enrichment","cisa","full-json"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"138c4534-4405-41f9-8003-4d5a40b73b91"},{"name":"Enrich-Cves AzureAi","id":"b17d1807-e7ad-448e-9017-a0bc89337144","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"cveIds\": [  \r\n        \"CVE-2025-12037\",\r\n  \"CVE-2026-27171\",\r\n  \"CVE-2026-27038\",\r\n  \"CVE-2026-27037\",\r\n  \"CVE-2026-27036\",\r\n  \"CVE-2026-27035\",\r\n  \"CVE-2026-27034\",\r\n  \"CVE-2026-27033\",\r\n  \"CVE-2026-27032\",\r\n  \"CVE-2026-27031\",\r\n  \"CVE-2026-23599\",\r\n  \"CVE-2026-22048\",\r\n  \"CVE-2026-1344\",\r\n  \"CVE-2026-2570\",\r\n  \"CVE-2026-26119\",\r\n  \"CVE-2026-1670\",\r\n  \"CVE-2025-62183\",\r\n  \"CVE-2025-13689\",\r\n  \"CVE-2025-13333\",\r\n  \"CVE-2026-2629\",\r\n  \"CVE-2026-2627\",\r\n  \"CVE-2026-2623\",\r\n  \"CVE-2025-36348\",\r\n  \"CVE-2025-36183\",\r\n  \"CVE-2025-33135\",\r\n  \"CVE-2025-33088\",\r\n  \"CVE-2023-38005\",\r\n  \"CVE-2026-2622\",\r\n  \"CVE-2026-2621\",\r\n  \"CVE-2026-23598\",\r\n  \"CVE-2026-23597\",\r\n  \"CVE-2026-23596\",\r\n  \"CVE-2026-23595\",\r\n  \"CVE-2025-36379\",\r\n  \"CVE-2025-36377\",\r\n  \"CVE-2025-36376\",\r\n  \"CVE-2025-14289\",\r\n  \"CVE-2025-13691\",\r\n  \"CVE-2026-2620\",\r\n  \"CVE-2026-26357\",\r\n  \"CVE-2026-22769\",\r\n  \"CVE-2026-22762\",\r\n  \"CVE-2026-22284\",\r\n  \"CVE-2026-0102\",\r\n  \"CVE-2025-70846\",\r\n  \"CVE-2025-67102\",\r\n  \"CVE-2025-36598\",\r\n  \"CVE-2025-36597\",\r\n  \"CVE-2025-36243\",\r\n  \"CVE-2025-33130\",\r\n  \"CVE-2025-33124\",\r\n  \"CVE-2025-33101\",\r\n  \"CVE-2025-33089\",\r\n  \"CVE-2025-32355\",\r\n  \"CVE-2025-27904\",\r\n  \"CVE-2025-27903\",\r\n  \"CVE-2025-27901\",\r\n  \"CVE-2025-27900\",\r\n  \"CVE-2025-27899\",\r\n  \"CVE-2025-27898\",\r\n  \"CVE-2025-13108\",\r\n  \"CVE-2023-38265\",\r\n  \"CVE-2026-2630\",\r\n  \"CVE-2026-26736\",\r\n  \"CVE-2026-26732\",\r\n  \"CVE-2026-26731\",\r\n  \"CVE-2026-24734\",\r\n  \"CVE-2026-24733\",\r\n  \"CVE-2025-66614\",\r\n  \"CVE-2025-59793\",\r\n  \"CVE-2025-36019\",\r\n  \"CVE-2025-36018\",\r\n  \"CVE-2025-12755\",\r\n  \"CVE-2024-43178\",\r\n  \"CVE-2026-1452\",\r\n  \"CVE-2025-36425\",\r\n  \"CVE-2025-36247\",\r\n  \"CVE-2025-14689\",\r\n  \"CVE-2025-13867\",\r\n  \"CVE-2024-55270\",\r\n  \"CVE-2026-2618\",\r\n  \"CVE-2026-23648\",\r\n  \"CVE-2026-23647\",\r\n  \"CVE-2025-67905\",\r\n  \"CVE-2024-55271\",\r\n  \"CVE-2026-2617\",\r\n  \"CVE-2025-70830\",\r\n  \"CVE-2025-70828\",\r\n  \"CVE-2025-70397\",\r\n  \"CVE-2025-65753\",\r\n  \"CVE-2026-2616\",\r\n  \"CVE-2026-22208\",\r\n  \"CVE-2025-70829\",\r\n  \"CVE-2024-31118\",\r\n  \"CVE-2022-41650\",\r\n  \"CVE-2026-25087\",\r\n  \"CVE-2026-23861\",\r\n  \"CVE-2025-7706\",\r\n  \"CVE-2026-2615\",\r\n  \"CVE-2026-2608\"\r\n    ],\r\n    \"llm\": {\r\n        \"provider\": \"azure\",\r\n        \"model\": \"gpt-4.1\",\r\n        \"temperature\": 0.1,\r\n        \"maxTokens\": 7000,\r\n        \"systemPrompt\": \"You are a Tier-3 cybersecurity analyst providing structured CVE analysis for enterprise environments. Output MUST be a single valid JSON object—no markdown, commentary, or extra text.\\n\\nCore Rules:\\n- Output = ONE JSON object only\\n- All fields required. If data unavailable: \\\"Not available / Not specified in input data\\\"\\n- Use ONLY input data evidence. Never invent CVSS scores, versions, exploit claims, patch links, or dates\\n- For conflicts: prefer CNA/vendor > NVD > third-party. Note conflict in data_quality.conflicts_or_ambiguities\\n- Target 250-900 words total for enterprise-ready detail\\n\\nInput:\\n1) CVE_JSON: {{CVE_JSON}}\\n2) CONTEXT_JSON (optional): {{CONTEXT_JSON}}\\nContext may include: organization_profile, deployment_model, asset_inventory, compensating_controls, patching_constraints\\n\\nObjectives:\\nA) Summarize vulnerability and business impact\\nB) Assess exploitability from input signals\\nC) Provide triage (category, team, SLA)\\nD) Deep assessment: C/I/A impact, prerequisites, blast radius, business risk\\nE) Enrichment: affected components, attack vectors, detection, mitigations, patches, verification\\n\\nClassification Values:\\n- exploit_status: \\\"In-the-Wild\\\" | \\\"Public PoC\\\" | \\\"High\\\" | \\\"Medium\\\" | \\\"Low\\\" | \\\"None\\\" | \\\"Not available / Not specified in input data\\\"\\n  Use \\\"In-the-Wild\\\" if input shows active exploitation (CISA KEV, vendor advisory). \\\"Public PoC\\\" if PoC exists. Otherwise infer from CVSS (AV/AC/PR/UI), vulnerability class, exposure\\n- triage_category: \\\"Critical - Patch Immediately\\\" | \\\"High - Urgent Verification\\\" | \\\"Medium - Schedule Patch\\\" | \\\"Low - Monitor\\\"\\n- triage_team: \\\"Incident Response\\\" | \\\"Patching Operations\\\" | \\\"Security Engineering\\\" | \\\"Monitoring\\\"\\n- business_risk_rating: \\\"1\\\" to \\\"5\\\" (5=highest)\\n\\nOutput Schema:\\n{\\n  \\\"cve_id\\\": \\\"\\\",\\n  \\\"title\\\": \\\"\\\",\\n  \\\"short_description\\\": \\\"\\\",\\n  \\\"why_it_matters\\\": \\\"\\\",\\n  \\\"severity\\\": {\\n    \\\"cvss_version\\\": \\\"\\\",\\n    \\\"cvss_base_score\\\": \\\"\\\",\\n    \\\"cvss_vector\\\": \\\"\\\",\\n    \\\"severity_label\\\": \\\"\\\"\\n  },\\n  \\\"vulnerability_class\\\": {\\n    \\\"cwe_ids\\\": [\\\"\\\"],\\n    \\\"weakness_summary\\\": \\\"\\\",\\n    \\\"attack_surface\\\": \\\"\\\"\\n  },\\n  \\\"exploitability\\\": {\\n    \\\"exploit_status\\\": \\\"\\\",\\n    \\\"exploit_summary\\\": \\\"\\\",\\n    \\\"evidence_signals\\\": [\\\"\\\"],\\n    \\\"prerequisites\\\": {\\n      \\\"network_access_required\\\": \\\"\\\",\\n      \\\"authentication_required\\\": \\\"\\\",\\n      \\\"user_interaction_required\\\": \\\"\\\",\\n      \\\"privileges_required\\\": \\\"\\\",\\n      \\\"attack_complexity\\\": \\\"\\\"\\n    }\\n  },\\n  \\\"triage\\\": {\\n    \\\"triage_category\\\": \\\"\\\",\\n    \\\"triage_team\\\": \\\"\\\",\\n    \\\"triage_rationale\\\": \\\"\\\",\\n    \\\"recommended_sla\\\": \\\"\\\"\\n  },\\n  \\\"impact_assessment\\\": {\\n    \\\"assessment_impact\\\": \\\"\\\",\\n    \\\"technical_impact_details\\\": \\\"\\\",\\n    \\\"blast_radius\\\": \\\"\\\",\\n    \\\"business_risk_rating\\\": \\\"\\\",\\n    \\\"business_risk_justification\\\": \\\"\\\"\\n  },\\n  \\\"affected_scope\\\": {\\n    \\\"affected_products\\\": [\\\"\\\"],\\n    \\\"affected_versions\\\": \\\"\\\",\\n    \\\"fixed_versions\\\": \\\"\\\",\\n    \\\"configuration_dependencies\\\": \\\"\\\",\\n    \\\"internet_exposure_relevance\\\": \\\"\\\"\\n  },\\n  \\\"attack_scenarios\\\": [\\n    {\\n      \\\"scenario_name\\\": \\\"\\\",\\n      \\\"attacker_goal\\\": \\\"\\\",\\n      \\\"steps_high_level\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n      \\\"likely_targets\\\": \\\"\\\"\\n    }\\n  ],\\n  \\\"mitigation\\\": {\\n    \\\"mitigation_type\\\": \\\"\\\",\\n    \\\"mitigation_action\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n    \\\"workarounds\\\": \\\"\\\",\\n    \\\"patching_notes\\\": \\\"\\\",\\n    \\\"verification_steps\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n    \\\"rollback_considerations\\\": \\\"\\\"\\n  },\\n  \\\"detection_and_hunting\\\": [\\\"\\\"],\\n  \\\"prioritization_enrichment\\\": {\\n    \\\"known_exploitation\\\": \\\"\\\",\\n    \\\"public_exploit_references\\\": \\\"\\\",\\n    \\\"epss\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"supply_chain_relevance\\\": \\\"\\\"\\n  },\\n  \\\"data_quality\\\": {\\n    \\\"missing_key_fields\\\": [\\\"\\\"],\\n    \\\"conflicts_or_ambiguities\\\": [\\\"\\\"],\\n    \\\"assumptions_made\\\": [\\\"\\\"],\\n    \\\"confidence\\\": \\\"\\\"\\n  },\\n  \\\"references\\\": [\\\"\\\"],\\n  \\\"generated_at\\\": \\\"\\\"\\n}\\n\\nConstraints:\\n- mitigation_action: exactly 3 steps, full sentences, strong action verbs\\n- detection_and_hunting: 3-6 concrete ideas\\n- affected_products: non-empty array (use \\\"Not available / Not specified in input data\\\" if unknown)\\n- references: only URLs from input (empty array if none)\\n- severity_label: \\\"CRITICAL\\\" | \\\"HIGH\\\" | \\\"MEDIUM\\\" | \\\"LOW\\\" | \\\"Not available / Not specified in input data\\\"\\n- attack_scenarios: provide 2 when possible, minimum 1\\n- generated_at: ISO-8601 timestamp or \\\"Not available / Not specified in input data\\\"\\n- If CVSS missing: base triage on description, vulnerability class, exposure\\n- Keep triage_rationale and business_risk_justification specific and actionable\",\r\n        \"azure\": {\r\n            \"model\": \"gpt-4.1\"\r\n        }\r\n    }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:{{sl-port}}/enrichment/ai","urlObject":{"port":"{{sl-port}}","path":["enrichment","ai"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"b17d1807-e7ad-448e-9017-a0bc89337144"}],"id":"e53e86d8-6a7d-433a-8cd3-35d0221d8fb7","_postman_id":"e53e86d8-6a7d-433a-8cd3-35d0221d8fb7","description":""},{"name":"Cve Database Version","id":"7de5e3a2-4325-4e5c-bdb4-8a6183a7f938","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sourceDatabaseVersion","urlObject":{"port":"2999","path":["sourceDatabaseVersion"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"7de5e3a2-4325-4e5c-bdb4-8a6183a7f938"}],"id":"4407eb10-13ff-45f0-8ad7-2c388b112828","_postman_id":"4407eb10-13ff-45f0-8ad7-2c388b112828","description":""},{"name":"Parking Vulnerability Process","item":[{"name":"Parking VP - Import","id":"12b01768-86fc-4db9-b4fa-c965d7941d2e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"url":"{{sl-host}}:2999/parking_vp_import","urlObject":{"port":"2999","path":["parking_vp_import"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"12b01768-86fc-4db9-b4fa-c965d7941d2e"},{"name":"Parking Company Scanner","id":"c2f5802a-710f-4cff-b4ec-fdcfe985e150","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/getPcsReport","urlObject":{"port":"2999","path":["getPcsReport"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"c2f5802a-710f-4cff-b4ec-fdcfe985e150"},{"name":"Parking Sbom Import Data","id":"ef85255f-e6a1-4ad5-81a8-47fa766a3a19","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/importSbomData","urlObject":{"port":"2999","path":["importSbomData"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"ef85255f-e6a1-4ad5-81a8-47fa766a3a19"},{"name":"Parking Sbom Analisys","id":"465e1c7f-c9cb-4bf2-af6b-bb0df184e204","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/getPsaReport","urlObject":{"port":"2999","path":["getPsaReport"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"465e1c7f-c9cb-4bf2-af6b-bb0df184e204"}],"id":"2000c82a-3b8e-4687-a012-f9a3252d6cc5","_postman_id":"2000c82a-3b8e-4687-a012-f9a3252d6cc5","description":""},{"name":"CyberNews","item":[{"name":"Cybernews Fetch and Import","id":"656753b0-a6a4-4430-8601-13a2cc754167","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/reachDailyCybernews","urlObject":{"port":"2999","path":["reachDailyCybernews"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"656753b0-a6a4-4430-8601-13a2cc754167"},{"name":"Cybernews Get CyberNews","id":"948ee7a2-17a5-41fe-8540-d0d9de0a1aa8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/getDailyCybernews","urlObject":{"port":"2999","path":["getDailyCybernews"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"948ee7a2-17a5-41fe-8540-d0d9de0a1aa8"}],"id":"3da3b65f-11bf-4424-b88f-46e7666e42ae","_postman_id":"3da3b65f-11bf-4424-b88f-46e7666e42ae","description":""},{"name":"Newsletter","item":[{"name":"SingleCall","item":[{"name":"Cves Nist: Top Daily","id":"9456bae3-a93e-43e5-a4fd-38845f7a43e9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/topDailyCVEs","urlObject":{"port":"2999","path":["topDailyCVEs"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"description","value":""},{"disabled":true,"key":"severity","value":""},{"disabled":true,"key":"published_date","value":""},{"disabled":true,"key":"last_modified_date","value":""},{"disabled":true,"key":"cve_references","value":""},{"disabled":true,"key":"severity_score","value":""},{"disabled":true,"key":"cvss_score","value":""},{"disabled":true,"key":"cvss_vector","value":""},{"disabled":true,"key":"affected_products","value":""},{"disabled":true,"key":"created_at","value":""},{"disabled":true,"key":"updated_at","value":""},{"disabled":true,"key":"kernel_version","value":""},{"disabled":true,"key":"last_reported_timestamp","value":""},{"disabled":true,"key":"page","value":null},{"disabled":true,"key":"limit","value":null}],"variable":[]}},"response":[],"_postman_id":"9456bae3-a93e-43e5-a4fd-38845f7a43e9"},{"name":"Cves Nist: 10 min news","id":"aab37ee9-5771-4827-bc29-95325d93eeb6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/tenDailyCVEs","urlObject":{"port":"2999","path":["tenDailyCVEs"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"description","value":""},{"disabled":true,"key":"severity","value":""},{"disabled":true,"key":"published_date","value":""},{"disabled":true,"key":"last_modified_date","value":""},{"disabled":true,"key":"cve_references","value":""},{"disabled":true,"key":"severity_score","value":""},{"disabled":true,"key":"cvss_score","value":""},{"disabled":true,"key":"cvss_vector","value":""},{"disabled":true,"key":"affected_products","value":""},{"disabled":true,"key":"created_at","value":""},{"disabled":true,"key":"updated_at","value":""},{"disabled":true,"key":"kernel_version","value":""},{"disabled":true,"key":"last_reported_timestamp","value":""},{"disabled":true,"key":"page","value":null},{"disabled":true,"key":"limit","value":null}],"variable":[]}},"response":[],"_postman_id":"aab37ee9-5771-4827-bc29-95325d93eeb6"},{"name":"Cybernews Get CyberNews","id":"b7c19a81-4b4a-4a3b-88d3-eb78f81282de","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/getDailyCybernews","urlObject":{"port":"2999","path":["getDailyCybernews"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"b7c19a81-4b4a-4a3b-88d3-eb78f81282de"},{"name":"JBL Top 10 Vulnerability","id":"9e259996-bff7-456f-94d7-a4221a3e52f8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/jblTop10","urlObject":{"port":"2999","path":["jblTop10"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"username","value":""},{"disabled":true,"key":"userdomain","value":""},{"disabled":true,"key":"ip_address","value":""},{"disabled":true,"key":"ip_location","value":""},{"disabled":true,"key":"manufacturer","value":""},{"disabled":true,"key":"model","value":""},{"disabled":true,"key":"os","value":""},{"disabled":true,"key":"sp","value":""},{"disabled":true,"key":"created_at","value":""},{"disabled":true,"key":"last_successful_scan","value":""},{"disabled":true,"key":"last_scan_attempt","value":""},{"disabled":true,"key":"softwarelist","value":""},{"disabled":true,"key":"page","value":"1"},{"disabled":true,"key":"limit","value":"10"}],"variable":[]}},"response":[],"_postman_id":"9e259996-bff7-456f-94d7-a4221a3e52f8"}],"id":"935cea13-89e6-46d8-8310-72b2b41c2c5d","_postman_id":"935cea13-89e6-46d8-8310-72b2b41c2c5d","description":""},{"name":"Generate Newsletter","id":"2b55fc97-0bd0-4f7d-b35f-b1243812f885","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/sendSecLabNewsletter","urlObject":{"port":"2999","path":["sendSecLabNewsletter"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"description","value":""},{"disabled":true,"key":"severity","value":""},{"disabled":true,"key":"published_date","value":""},{"disabled":true,"key":"last_modified_date","value":""},{"disabled":true,"key":"cve_references","value":""},{"disabled":true,"key":"severity_score","value":""},{"disabled":true,"key":"cvss_score","value":""},{"disabled":true,"key":"cvss_vector","value":""},{"disabled":true,"key":"affected_products","value":""},{"disabled":true,"key":"created_at","value":""},{"disabled":true,"key":"updated_at","value":""},{"disabled":true,"key":"kernel_version","value":""},{"disabled":true,"key":"last_reported_timestamp","value":""},{"disabled":true,"key":"page","value":null},{"disabled":true,"key":"limit","value":null}],"variable":[]}},"response":[],"_postman_id":"2b55fc97-0bd0-4f7d-b35f-b1243812f885"},{"name":"Generate Cybernews + Telegram","id":"14eea24a-4001-400c-9e2a-f99aedee802a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/sendTelegramSecLabNewsletter","urlObject":{"port":"2999","path":["sendTelegramSecLabNewsletter"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"14eea24a-4001-400c-9e2a-f99aedee802a"},{"name":"Generate CVES on Telegram","id":"8b0c1b91-07dd-4579-ad17-df55cfba1630","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/sendTelegramCVES","urlObject":{"port":"2999","path":["sendTelegramCVES"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"8b0c1b91-07dd-4579-ad17-df55cfba1630"},{"name":"Generate CVES on Webex","id":"e09b22c9-1c5d-4c32-a7d7-d9884feacf88","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/sendWebexCVES","urlObject":{"port":"2999","path":["sendWebexCVES"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"e09b22c9-1c5d-4c32-a7d7-d9884feacf88"}],"id":"df34f03f-a2db-4114-b7df-7acea76c20ec","_postman_id":"df34f03f-a2db-4114-b7df-7acea76c20ec","description":""},{"name":"Parking Component Scanner","item":[{"name":"Execute PCS","id":"d3909347-052b-41dd-8492-6abf70ae800e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/executePCS","urlObject":{"port":"2999","path":["executePCS"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"d3909347-052b-41dd-8492-6abf70ae800e"},{"name":"View PCS Report","id":"9aed1ee6-3966-411c-8f4a-761283020908","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/showPCS","urlObject":{"port":"2999","path":["showPCS"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"9aed1ee6-3966-411c-8f4a-761283020908"}],"id":"266f9c47-44dc-40ee-b251-4e9d914ac68b","_postman_id":"266f9c47-44dc-40ee-b251-4e9d914ac68b","description":""},{"name":"Agents","item":[{"name":"Software Scanner","id":"2d94c52f-e3eb-46d9-98b3-c1e0ddebb0a6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"{{sl-host}}:2999/runAgentSwScanner","urlObject":{"port":"2999","path":["runAgentSwScanner"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"2d94c52f-e3eb-46d9-98b3-c1e0ddebb0a6"}],"id":"c25a999d-fe0b-41f2-a648-ce542ceb0951","_postman_id":"c25a999d-fe0b-41f2-a648-ce542ceb0951","description":""},{"name":"Probe","item":[{"name":"Client","item":[{"name":"Get All Reports","id":"2228a778-a59d-41a4-b497-1d3d7d699a3d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"<token>"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"172.29.1.111:3000/getAllReports","urlObject":{"port":"3000","path":["getAllReports"],"host":["172","29","1","111"],"query":[],"variable":[]}},"response":[],"_postman_id":"2228a778-a59d-41a4-b497-1d3d7d699a3d"}],"id":"6fca8907-a3fd-4a85-8662-dac7c3fab391","_postman_id":"6fca8907-a3fd-4a85-8662-dac7c3fab391","description":""},{"name":"Server","item":[{"name":"Get List Available Probes","id":"8a9fff58-4cf8-483c-9ac3-2f372581de10","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/listAvailableProbes","urlObject":{"port":"2999","path":["listAvailableProbes"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"8a9fff58-4cf8-483c-9ac3-2f372581de10"},{"name":"Generate Token","id":"e588515f-03ea-4409-a728-e3328babc976","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\r\n    \"ip\": \"192.168.1.100\",\r\n    \"download\": \"http://www.google.com\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/generateToken","urlObject":{"port":"2999","path":["generateToken"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"e588515f-03ea-4409-a728-e3328babc976"}],"id":"1e6141d8-a9bb-4336-a919-4d7310b2bd2a","_postman_id":"1e6141d8-a9bb-4336-a919-4d7310b2bd2a","description":""}],"id":"eb39034c-80b1-49dc-acfe-1d6594eeaf94","_postman_id":"eb39034c-80b1-49dc-acfe-1d6594eeaf94","description":""},{"name":"Login Service","item":[{"name":"Registration","id":"105394fc-cedf-418b-a9ee-82d4252c0be5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"email\": \"test111112221@test.com\",\r\n    \"username\": \"test11112221\",\r\n    \"password\": \"123456789\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/register","urlObject":{"port":"2999","path":["register"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"105394fc-cedf-418b-a9ee-82d4252c0be5"},{"name":"Login Ldap","id":"b2c4dbfb-38a2-49a8-a59f-200036daf760","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{   \r\n    \"username\": \"dabe1\",\r\n    \"password\": \"$Mt&B7GoafT&ur\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/login","urlObject":{"port":"2999","path":["login"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"7eff53ed-aaf1-41a4-93f4-2a98844e62c8","name":"Login Ldap","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{   \r\n    \"username\": \"dabe1\",\r\n    \"password\": \"$Mt&B7GoafT&ur\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/login"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"710"},{"key":"ETag","value":"W/\"2c6-7fqmjuaudzicfThxbTsy9pufU/E\""},{"key":"Date","value":"Tue, 23 Sep 2025 06:39:28 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"message\": \"Login successful\",\n    \"data\": {\n        \"accessToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzNzM4YTQwNjRjZWMwZjRjYjE5NGFiOTY1MTcyYzA4YyIsInVzZXJJZCI6ImY2Y2VkNTlhLWUyZWEtNGI3ZS1hODE1LTk4NDQ3MzQxNWIzYiIsInJvbGVzIjpbInBhcmtpbmdWaWV3ZXIiLCJ1c2VyIl0sImlhdCI6MTc1ODYwOTU2OCwiZXhwIjoxNzU4NjEwNDY4fQ.RI9ZhtzA0y0J1CldtoiZdb9p47xBnLd8ixxP5HnkcX8\",\n        \"refreshToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzNzM4YTQwNjRjZWMwZjRjYjE5NGFiOTY1MTcyYzA4YyIsInVzZXJJZCI6ImY2Y2VkNTlhLWUyZWEtNGI3ZS1hODE1LTk4NDQ3MzQxNWIzYiIsImlhdCI6MTc1ODYwOTU2OCwiZXhwIjoxNzU5MjE0MzY4fQ.lT7mlHekBA0F-xpgXdGgg8rkf9W4xvz_obb6yDbt1X0\",\n        \"user\": {\n            \"id\": \"f6ced59a-e2ea-4b7e-a815-984473415b3b\",\n            \"email\": \"\",\n            \"username\": \"dabe1\"\n        }\n    }\n}"}],"_postman_id":"b2c4dbfb-38a2-49a8-a59f-200036daf760"},{"name":"Logout","id":"f50fca55-cab3-4ba7-a9b0-c70031da9e9a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"<token>"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"refreshToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI4OTRhZWI3NjE5NmYwNjRlOGEzN2JmYmQ2MTVjNmIzOSIsInVzZXJJZCI6Ijc4OTZkZWNjLTkyOGEtNGYyNi05ZTkwLWY0N2E2N2QxMmU4MSIsImlhdCI6MTc1OTkxMjE0OCwiZXhwIjoxNzYwNTE2OTQ4fQ.4-_fIS78_KPZ7MqVo702B4Hsl9MxN2W9Y85nmteLwqA\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/logout","urlObject":{"port":"2999","path":["logout"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"f50fca55-cab3-4ba7-a9b0-c70031da9e9a"}],"id":"cf209ed3-70d0-4533-a4ce-86b68f6bee5a","_postman_id":"cf209ed3-70d0-4533-a4ce-86b68f6bee5a","description":""},{"name":"Seclab Ui","item":[{"name":"Parking","item":[{"name":"Sbom","item":[{"name":"Jbl Component Count","id":"285b00fa-fccd-4da0-98d4-3746d2418b2b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:{{sl-port}}/sbom/parking/stats/count/jbl","urlObject":{"port":"{{sl-port}}","path":["sbom","parking","stats","count","jbl"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"1cbcb314-3eef-4217-8e65-68d07b2f9f82","name":"Jbl Component Count","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/count/jbl"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"27"},{"key":"ETag","value":"W/\"1b-WM6YNgvExV/h6+5moKg6LXQKci0\""},{"key":"Date","value":"Thu, 22 Jan 2026 09:50:31 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": 227\n}"}],"_postman_id":"285b00fa-fccd-4da0-98d4-3746d2418b2b"},{"name":"Jms Component Count","id":"53d76189-64be-41d9-8134-66b864a70bea","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/count/jms","urlObject":{"port":"2999","path":["sbom","parking","stats","count","jms"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"53d76189-64be-41d9-8134-66b864a70bea"},{"name":"Jbl Build Version","id":"3f14d8e0-c86c-4a27-899d-32dcb51b8c50","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/version/jbl","urlObject":{"port":"2999","path":["sbom","parking","stats","version","jbl"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"96b0dd42-8f3c-4bbf-91b3-d640a54c2be3","name":"Jbl Build Version","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/version/jbl"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"43"},{"key":"ETag","value":"W/\"2b-sBe5RRdSgqBryEAPPVuxzHx6PGQ\""},{"key":"Date","value":"Thu, 22 Jan 2026 09:50:41 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": \"1.34.0.3-SNAPSHOT\"\n}"}],"_postman_id":"3f14d8e0-c86c-4a27-899d-32dcb51b8c50"},{"name":"Jms Build Version","id":"4e04ab1b-18a2-4986-a971-661cd0dceaf0","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/version/jms","urlObject":{"port":"2999","path":["sbom","parking","stats","version","jms"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"4e04ab1b-18a2-4986-a971-661cd0dceaf0"},{"name":"Jbl CycloneDx Version","id":"2f378dff-315f-4819-a3b6-0933c52b978e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/tool/jbl","urlObject":{"port":"2999","path":["sbom","parking","stats","tool","jbl"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"4a074dd0-5f30-4f68-a002-b8dbd85612a0","name":"Jbl CycloneDx Version","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/tool/jbl"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"110"},{"key":"ETag","value":"W/\"6e-uDJWgUvH/WRYEvGO66NFxFv+iU0\""},{"key":"Date","value":"Thu, 22 Jan 2026 09:50:51 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": {\n        \"bom_format\": \"CycloneDX\",\n        \"tool_name\": \"cyclonedx-maven-plugin\",\n        \"tool_version\": \"2.9.0\"\n    }\n}"}],"_postman_id":"2f378dff-315f-4819-a3b6-0933c52b978e"},{"name":"Jms CycloneDx Version","id":"bc299595-bfae-4a0c-ac50-d5afbd1c588d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/tool/jms","urlObject":{"port":"2999","path":["sbom","parking","stats","tool","jms"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"bc299595-bfae-4a0c-ac50-d5afbd1c588d"},{"name":"Jbl count+build+cyclonedx","id":"5419518d-a8d8-4f5f-b841-4f04a1a1635b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/jbl","urlObject":{"port":"2999","path":["sbom","parking","stats","jbl"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"46886129-428e-48a4-a728-05bbb8a71496","name":"Jbl count+build+cyclonedx","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/jbl"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"201"},{"key":"ETag","value":"W/\"c9-f3rYVx2/V2qPqdflITXDIYvogP4\""},{"key":"Date","value":"Thu, 22 Jan 2026 09:50:59 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": {\n        \"productName\": \"jbl\",\n        \"componentCount\": 227,\n        \"productVersion\": \"1.34.0.3-SNAPSHOT\",\n        \"toolInfo\": {\n            \"bom_format\": \"CycloneDX\",\n            \"tool_name\": \"cyclonedx-maven-plugin\",\n            \"tool_version\": \"2.9.0\"\n        }\n    }\n}"}],"_postman_id":"5419518d-a8d8-4f5f-b841-4f04a1a1635b"},{"name":"Jms count+build+cyclonedx","id":"e35f78e5-8423-4db7-8ff0-c8c442802216","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/stats/janus-aggregator","urlObject":{"port":"2999","path":["sbom","parking","stats","janus-aggregator"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"e35f78e5-8423-4db7-8ff0-c8c442802216"},{"name":"Jbl Components","id":"715a6ddd-0ecc-4612-b4fb-073353aa1972","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/components/jbl","urlObject":{"port":"2999","path":["sbom","parking","components","jbl"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"d46121b7-1ab1-4848-b854-5f854261c8a4","name":"Jbl Components","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/components/jbl"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"79883"},{"key":"ETag","value":"W/\"1380b-YJ+h3ZHNRXtA96tzaAqvVpNRRPM\""},{"key":"Date","value":"Thu, 22 Jan 2026 09:51:06 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core-common-lib\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"janus-jbl-common-model\",\n            \"component_group\": \"hub.jms.common.model\",\n            \"component_version\": \"1.34.0.14\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javax.xml.soap-api\",\n            \"component_group\": \"javax.xml.soap\",\n            \"component_version\": \"1.4.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"SAAJ API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jaxws-api\",\n            \"component_group\": \"javax.xml.ws\",\n            \"component_version\": \"2.3.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JAX-WS (JSR 224) API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javax.annotation-api\",\n            \"component_group\": \"javax.annotation\",\n            \"component_version\": \"1.3.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Common Annotations for the JavaTM Platform API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javax.jws-api\",\n            \"component_group\": \"javax.jws\",\n            \"component_version\": \"1.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Java EE Web Services Metadata API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-lang3\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"3.4\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-databind\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.13.4\",\n            \"component_type\": \"library\",\n            \"component_description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-annotations\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.13.4\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core annotations used for value types, used by Jackson data binding package.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-core\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-common\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-buffer\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-transport\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-handler\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-transport-native-unix-common\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Static library which contains common unix utilities.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-codec\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-handler-proxy\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-codec-socks\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-codec-http\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-resolver\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-codec-dns\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-hazelcast\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"hazelcast\",\n            \"component_group\": \"com.hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core Hazelcast Module\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-web\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-auth-common\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-bridge-common\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Vert.x 3 eventbus bridge common configuration\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-web-client\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-uri-template\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-web-common\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-service-discovery\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-jdbc-client\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-sql-client\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Reactive SQL Client\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-circuit-breaker\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-codegen\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-service-proxy\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"HikariCP\",\n            \"component_group\": \"com.zaxxer\",\n            \"component_version\": \"3.1.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Ultimate JDBC Connection Pool\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"slf4j-api\",\n            \"component_group\": \"org.slf4j\",\n            \"component_version\": \"1.7.25\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The slf4j API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-context\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Context\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-aop\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring AOP\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-beans\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Beans\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-core\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Core\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-jcl\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Commons Logging Bridge\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-expression\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Expression Language (SpEL)\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"postgresql\",\n            \"component_group\": \"org.postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"PostgreSQL JDBC Driver Postgresql\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"checker-qual\",\n            \"component_group\": \"org.checkerframework\",\n            \"component_version\": \"3.42.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"sqljdbc4\",\n            \"component_group\": \"com.microsoft.sqlserver\",\n            \"component_version\": \"4.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"POM was created by Sonatype Nexus\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"sqlite-jdbc\",\n            \"component_group\": \"org.xerial\",\n            \"component_version\": \"3.25.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"SQLite JDBC library\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-core\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core Jackson processing abstractions (aka Streaming API), implementation for JSON\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_group\": \"org.apache.logging.log4j\",\n            \"component_version\": \"2.17.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Log4j SLF4J API binding to Log4j 2 Core\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"log4j-api\",\n            \"component_group\": \"org.apache.logging.log4j\",\n            \"component_version\": \"2.17.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Log4j API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"log4j-core\",\n            \"component_group\": \"org.apache.logging.log4j\",\n            \"component_version\": \"2.17.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Log4j Implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"joda-time\",\n            \"component_group\": \"joda-time\",\n            \"component_version\": \"2.9.9\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Date and time library to replace JDK date handling\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"guava\",\n            \"component_group\": \"com.google.guava\",\n            \"component_version\": \"22.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jsr305\",\n            \"component_group\": \"com.google.code.findbugs\",\n            \"component_version\": \"1.3.9\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JSR305 Annotations for Findbugs\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"error_prone_annotations\",\n            \"component_group\": \"com.google.errorprone\",\n            \"component_version\": \"2.0.18\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"j2objc-annotations\",\n            \"component_group\": \"com.google.j2objc\",\n            \"component_version\": \"1.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"animal-sniffer-annotations\",\n            \"component_group\": \"org.codehaus.mojo\",\n            \"component_version\": \"1.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Animal Sniffer Parent project.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jaxb-api\",\n            \"component_group\": \"javax.xml.bind\",\n            \"component_version\": \"2.4.0-b180830.0359\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JAXB (JSR 222) API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javax.activation-api\",\n            \"component_group\": \"javax.activation\",\n            \"component_version\": \"1.2.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JavaBeans Activation Framework API jar\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core-swagger\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"swagger-annotations\",\n            \"component_group\": \"io.swagger.core.v3\",\n            \"component_version\": \"2.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"swagger-core\",\n            \"component_group\": \"io.swagger.core.v3\",\n            \"component_version\": \"2.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jaxb-api\",\n            \"component_group\": \"javax.xml.bind\",\n            \"component_version\": \"2.3.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JAXB (JSR 222) API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-lang3\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"3.7\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-annotations\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.9.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core annotations used for value types, used by Jackson data binding package.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-databind\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.9.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-dataformat-yaml\",\n            \"component_group\": \"com.fasterxml.jackson.dataformat\",\n            \"component_version\": \"2.9.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Support for reading and writing YAML-encoded data via Jackson abstractions.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"snakeyaml\",\n            \"component_group\": \"org.yaml\",\n            \"component_version\": \"1.18\",\n            \"component_type\": \"library\",\n            \"component_description\": \"YAML 1.1 parser and emitter for Java\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"swagger-models\",\n            \"component_group\": \"io.swagger.core.v3\",\n            \"component_version\": \"2.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"validation-api\",\n            \"component_group\": \"javax.validation\",\n            \"component_version\": \"1.1.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Bean Validation API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-core\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.16.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core Jackson processing abstractions (aka Streaming API), implementation for JSON\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-codegen\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core-dto\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"AlphaNumDataCipher\",\n            \"component_group\": \"hub.ebb.cipher\",\n            \"component_version\": \"1.0.0\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javapoet\",\n            \"component_group\": \"com.squareup\",\n            \"component_version\": \"1.9.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Use beautiful Java code to generate beautiful Java code.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core-dao\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-dbutils\",\n            \"component_group\": \"commons-dbutils\",\n            \"component_version\": \"1.7\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Commons DbUtils package is a set of Java utility classes for easing JDBC development.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core-external-modules\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-common\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jps-authentication\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jps-event-service\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-console\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jps-peripheral-status\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jps-command\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-configuration\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"flyway-core\",\n            \"component_group\": \"org.flywaydb\",\n            \"component_version\": \"6.0.7\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Flyway: Database Migrations Made Easy.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-tree-park-service\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-rates-model\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jaxb-impl\",\n            \"component_group\": \"com.sun.xml.bind\",\n            \"component_version\": \"3.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Old JAXB Runtime module. Contains sources required for runtime processing.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jaxb-core\",\n            \"component_group\": \"com.sun.xml.bind\",\n            \"component_version\": \"3.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Old JAXB Core module. Contains sources required by XJC, JXC and Runtime modules with dependencies.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jakarta.xml.bind-api\",\n            \"component_group\": \"jakarta.xml.bind\",\n            \"component_version\": \"3.0.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Jakarta XML Binding API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jakarta.activation\",\n            \"component_group\": \"com.sun.activation\",\n            \"component_version\": \"2.0.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Jakarta Activation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-rates-configuration\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-account-crud\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-account\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-configurator\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-lpr-gateway\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"passport\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"activemq-client\",\n            \"component_group\": \"org.apache.activemq\",\n            \"component_version\": \"5.16.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The ActiveMQ Client implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"slf4j-api\",\n            \"component_group\": \"org.slf4j\",\n            \"component_version\": \"1.7.36\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The slf4j API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"geronimo-jms_1.1_spec\",\n            \"component_group\": \"org.apache.geronimo.specs\",\n            \"component_version\": \"1.1.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Provides open-source implementations of Sun specifications.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"hawtbuf\",\n            \"component_group\": \"org.fusesource.hawtbuf\",\n            \"component_version\": \"1.11\",\n            \"component_type\": \"library\",\n            \"component_description\": \"HawtBuf: a rich byte buffer library\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"geronimo-j2ee-management_1.1_spec\",\n            \"component_group\": \"org.apache.geronimo.specs\",\n            \"component_version\": \"1.0.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Provides open-source implementations of Sun specifications.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-jms\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring JMS\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-messaging\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Messaging\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-tx\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Transaction\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-databind\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"component_group\": \"com.fasterxml.jackson.dataformat\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Data format extension for Jackson to offer alternative support for serializing POJOs as XML and deserializing XML as pojos.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"stax2-api\",\n            \"component_group\": \"org.codehaus.woodstox\",\n            \"component_version\": \"4.2.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Stax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"woodstox-core\",\n            \"component_group\": \"com.fasterxml.woodstox\",\n            \"component_version\": \"7.0.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Woodstox is a high-performance XML processor that implements Stax (JSR-173), SAX2 and Stax2 APIs\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-annotations\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core annotations used for value types, used by Jackson data binding package.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-jaxrs-json-provider\",\n            \"component_group\": \"com.fasterxml.jackson.jaxrs\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-jaxrs-base\",\n            \"component_group\": \"com.fasterxml.jackson.jaxrs\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Pile of code that is shared by all Jackson-based JAX-RS providers.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-module-jaxb-annotations\",\n            \"component_group\": \"com.fasterxml.jackson.module\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Support for using JAXB annotations as an alternative to \\\"native\\\" Jackson annotations, for configuring data-binding.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jakarta.activation-api\",\n            \"component_group\": \"jakarta.activation\",\n            \"component_version\": \"1.2.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Jakarta Activation API jar\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jps-card-validation\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-operation\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-action\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-printing\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"pdfbox\",\n            \"component_group\": \"org.apache.pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache PDFBox library is an open source Java tool for working with PDF documents.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"fontbox\",\n            \"component_group\": \"org.apache.pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-logging\",\n            \"component_group\": \"commons-logging\",\n            \"component_version\": \"1.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"itext\",\n            \"component_group\": \"com.lowagie\",\n            \"component_version\": \"2.1.7\",\n            \"component_type\": \"library\",\n            \"component_description\": \"iText, a free Java-PDF library\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bcmail-jdk14\",\n            \"component_group\": \"bouncycastle\",\n            \"component_version\": \"138\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bcprov-jdk14\",\n            \"component_group\": \"bouncycastle\",\n            \"component_version\": \"138\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bctsp-jdk14\",\n            \"component_group\": \"org.bouncycastle\",\n            \"component_version\": \"1.38\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Bouncy Castle Java API for handling the Time Stamp Protocol (TSP). This jar contains the TSP API for JDK 1.4. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bcprov-jdk14\",\n            \"component_group\": \"org.bouncycastle\",\n            \"component_version\": \"1.38\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.4.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bcmail-jdk14\",\n            \"component_group\": \"org.bouncycastle\",\n            \"component_version\": \"1.38\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Bouncy Castle Java CMS and S/MIME APIs for handling the CMS and S/MIME protocols. This jar contains CMS and S/MIME APIs for JDK 1.4. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. If the S/MIME API is used, the JavaMail API and the Java activation framework will also be needed.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-supervisor\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-fcj\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-action-calendar\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-core\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-api\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Drools and jBPM public API which is backwards compatible between releases.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-internal\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Drools and jBPM internal API which is NOT backwards compatible between releases.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-soup-xstream\",\n            \"component_group\": \"org.kie.soup\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Collection of XStream utilities (not depending on any other KIE Soup module) for KIE Soup.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-core-reflective\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-core-dynamic\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"slf4j-api\",\n            \"component_group\": \"org.slf4j\",\n            \"component_version\": \"1.7.30\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The slf4j API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-codec\",\n            \"component_group\": \"commons-codec\",\n            \"component_version\": \"1.15\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-templates\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-mvel\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-soup-project-datamodel-commons\",\n            \"component_group\": \"org.kie.soup\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The parent contains all metadata (including plugins) and also dependency versions. All KIE Soup modules (except for user BOMs like 'kie-soup-bom') should (transitively) inherit from this POM.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-soup-project-datamodel-api\",\n            \"component_group\": \"org.kie.soup\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The parent contains all metadata (including plugins) and also dependency versions. All KIE Soup modules (except for user BOMs like 'kie-soup-bom') should (transitively) inherit from this POM.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-compiler\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-memory-compiler\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Utility module to compile and load in a classloader programmatically generated Java Source Files\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-ecj\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-soup-maven-support\",\n            \"component_group\": \"org.kie.soup\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The parent contains all metadata (including plugins) and also dependency versions. All KIE Soup modules (except for user BOMs like 'kie-soup-bom') should (transitively) inherit from this POM.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"antlr-runtime\",\n            \"component_group\": \"org.antlr\",\n            \"component_version\": \"3.5.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"xstream\",\n            \"component_group\": \"com.thoughtworks.xstream\",\n            \"component_version\": \"1.4.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"XStream is a serialization library from Java objects to XML and back.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"mxparser\",\n            \"component_group\": \"io.github.x-stream\",\n            \"component_version\": \"1.2.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"MXParser is a fork of xpp3_min 1.1.7 containing only the parser with merged changes of the Plexus fork.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"xmlpull\",\n            \"component_group\": \"xmlpull\",\n            \"component_version\": \"1.1.3.1\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-decisiontables\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_group\": \"org.apache.poi\",\n            \"component_version\": \"4.1.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache POI - Java API To Access Microsoft Format Files\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"poi-ooxml-schemas\",\n            \"component_group\": \"org.apache.poi\",\n            \"component_version\": \"4.1.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache POI - Java API To Access Microsoft Format Files\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"xmlbeans\",\n            \"component_group\": \"org.apache.xmlbeans\",\n            \"component_version\": \"3.1.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"XmlBeans main jar\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-compress\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"1.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"curvesapi\",\n            \"component_group\": \"com.github.virtuald\",\n            \"component_version\": \"1.06\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"poi\",\n            \"component_group\": \"org.apache.poi\",\n            \"component_version\": \"4.1.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache POI - Java API To Access Microsoft Format Files\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-collections4\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"4.4\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-math3\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"3.6.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"SparseBitSet\",\n            \"component_group\": \"com.zaxxer\",\n            \"component_version\": \"1.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"An efficient sparse bitset implementation for Java\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-spring\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools and jBPM integration for Spring.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_group\": \"org.jbpm\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"jBPM Flow\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-serialization-protobuf\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-soup-commons\",\n            \"component_group\": \"org.kie.soup\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Collection of reusable (not depending on any other KIE Soup module) components for KIE Soup.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-dmn-api\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Top level pom for the KIE DMN support implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-dmn-feel\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Top level pom for the KIE DMN support implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-dmn-model\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Top level pom for the KIE DMN support implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"antlr4-runtime\",\n            \"component_group\": \"org.antlr\",\n            \"component_version\": \"4.9.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The ANTLR 4 Runtime\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javaparser-core\",\n            \"component_group\": \"com.github.javaparser\",\n            \"component_version\": \"3.23.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The core parser functionality. This may be all you need.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"big-math\",\n            \"component_group\": \"ch.obermuhlner\",\n            \"component_version\": \"2.0.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Math functions for BigDecimal.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-dmn-core\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Top level pom for the KIE DMN support implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-dmn-backend\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Top level pom for the KIE DMN support implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-ruleunit\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-canonical-model\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-model-compiler\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-mvel-compiler\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-mvel-parser\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Parsing of constraints in LHS\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-alphanetwork-compiler\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"pmml-model\",\n            \"component_group\": \"org.jpmml\",\n            \"component_version\": \"1.5.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JPMML class model\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"pmml-agent\",\n            \"component_group\": \"org.jpmml\",\n            \"component_version\": \"1.5.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JPMML Java agent for class model\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"protobuf-java\",\n            \"component_group\": \"com.google.protobuf\",\n            \"component_version\": \"3.19.4\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-lang3\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"3.11\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-databind\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-annotations\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.12.6\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core annotations used for value types, used by Jackson data binding package.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-datatype-jsr310\",\n            \"component_group\": \"com.fasterxml.jackson.datatype\",\n            \"component_version\": \"2.12.6\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Add-on module to support JSR-310 (Java 8 Date & Time API) data types.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-tx\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Transaction\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-core\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Core\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-jcl\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Commons Logging Bridge\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-beans\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Beans\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-context\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Context\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-aop\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring AOP\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-expression\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Expression Language (SpEL)\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"mvel2\",\n            \"component_group\": \"org.mvel\",\n            \"component_version\": \"2.5.2.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"MVEL is a powerful expression language for Java-based applications. It provides a plethora of features and is suited for everything from the smallest property binding and extraction, to full blown scripts.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"guava\",\n            \"component_group\": \"com.google.guava\",\n            \"component_version\": \"31.1-jre\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"failureaccess\",\n            \"component_group\": \"com.google.guava\",\n            \"component_version\": \"1.0.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Contains com.google.common.util.concurrent.internal.InternalFutureFailureAccess and InternalFutures. Most users will never need to use this artifact. Its classes is conceptually a part of Guava, but they're in this separate artifact so that Android libraries can use them without pulling in all of Guava (just as they can use ListenableFuture by depending on the listenablefuture artifact).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"listenablefuture\",\n            \"component_group\": \"com.google.guava\",\n            \"component_version\": \"9999.0-empty-to-avoid-conflict-with-guava\",\n            \"component_type\": \"library\",\n            \"component_description\": \"An empty artifact that Guava depends on to signal that it is providing ListenableFuture -- but is also available in a second \\\"version\\\" that contains com.google.common.util.concurrent.ListenableFuture class, without any other Guava classes. The idea is: - If users want only ListenableFuture, they depend on listenablefuture-1.0. - If users want all of Guava, they depend on guava, which, as of Guava 27.0, depends on listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-... version number is enough for some build systems (notably, Gradle) to select that empty artifact over the \\\"real\\\" listenablefuture-1.0 -- avoiding a conflict with the copy of ListenableFuture in guava itself. If users are using an older version of Guava or a build system other than Gradle, they may see class conflicts. If so, they can solve them by manually excluding the listenablefuture artifact or manually forcing their build systems to use 9999.0-....\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jsr305\",\n            \"component_group\": \"com.google.code.findbugs\",\n            \"component_version\": \"3.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JSR305 Annotations for Findbugs\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"checker-qual\",\n            \"component_group\": \"org.checkerframework\",\n            \"component_version\": \"3.12.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"error_prone_annotations\",\n            \"component_group\": \"com.google.errorprone\",\n            \"component_version\": \"2.11.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"j2objc-annotations\",\n            \"component_group\": \"com.google.j2objc\",\n            \"component_version\": \"1.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-io\",\n            \"component_group\": \"commons-io\",\n            \"component_version\": \"2.11.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"quartz\",\n            \"component_group\": \"org.quartz-scheduler\",\n            \"component_version\": \"2.2.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Enterprise Job Scheduler\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"c3p0\",\n            \"component_group\": \"c3p0\",\n            \"component_version\": \"0.9.1.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"cron-utils\",\n            \"component_group\": \"com.cronutils\",\n            \"component_version\": \"7.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"A Java library to parse, migrate and validate crons as well as describe them in human readable language\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jsoup\",\n            \"component_group\": \"org.jsoup\",\n            \"component_version\": \"1.9.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"jsoup HTML parser\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"velocity\",\n            \"component_group\": \"velocity\",\n            \"component_version\": \"1.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Velocity is a general purpose template engine.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-collections\",\n            \"component_group\": \"commons-collections\",\n            \"component_version\": \"3.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Types that extend and augment the Java Collections Framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-lang\",\n            \"component_group\": \"commons-lang\",\n            \"component_version\": \"2.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Commons.Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"oro\",\n            \"component_group\": \"oro\",\n            \"component_version\": \"2.0.8\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bad-lpr\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-monitoring\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-tiered-pricing\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-rates\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-event\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-payment\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-integration\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-integration-api\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-integration-intercomp\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javax.ws.rs-api\",\n            \"component_group\": \"javax.ws.rs\",\n            \"component_version\": \"2.1.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Java API for RESTful Web Services\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-integration-parkeon\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-integration-service\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-assembly\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-assembly\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        }\n    ]\n}"}],"_postman_id":"715a6ddd-0ecc-4612-b4fb-073353aa1972"},{"name":"Jms Components","id":"e3da0de8-0480-4ab4-af76-2a559c82961a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/components/janus-aggregator","urlObject":{"port":"2999","path":["sbom","parking","components","janus-aggregator"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"b886719c-26e3-431a-bd9e-676f93bd2bdf","name":"Jbl Components","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/components/jbl"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"79883"},{"key":"ETag","value":"W/\"1380b-YJ+h3ZHNRXtA96tzaAqvVpNRRPM\""},{"key":"Date","value":"Thu, 22 Jan 2026 09:51:06 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core-common-lib\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"janus-jbl-common-model\",\n            \"component_group\": \"hub.jms.common.model\",\n            \"component_version\": \"1.34.0.14\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javax.xml.soap-api\",\n            \"component_group\": \"javax.xml.soap\",\n            \"component_version\": \"1.4.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"SAAJ API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jaxws-api\",\n            \"component_group\": \"javax.xml.ws\",\n            \"component_version\": \"2.3.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JAX-WS (JSR 224) API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javax.annotation-api\",\n            \"component_group\": \"javax.annotation\",\n            \"component_version\": \"1.3.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Common Annotations for the JavaTM Platform API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javax.jws-api\",\n            \"component_group\": \"javax.jws\",\n            \"component_version\": \"1.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Java EE Web Services Metadata API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-lang3\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"3.4\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-databind\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.13.4\",\n            \"component_type\": \"library\",\n            \"component_description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-annotations\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.13.4\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core annotations used for value types, used by Jackson data binding package.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-core\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-common\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-buffer\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-transport\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-handler\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-transport-native-unix-common\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Static library which contains common unix utilities.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-codec\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-handler-proxy\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-codec-socks\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-codec-http\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-resolver\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"netty-codec-dns\",\n            \"component_group\": \"io.netty\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-hazelcast\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"hazelcast\",\n            \"component_group\": \"com.hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core Hazelcast Module\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-web\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-auth-common\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-bridge-common\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Vert.x 3 eventbus bridge common configuration\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-web-client\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-uri-template\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-web-common\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-service-discovery\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-jdbc-client\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-sql-client\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Reactive SQL Client\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-circuit-breaker\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-codegen\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-service-proxy\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"HikariCP\",\n            \"component_group\": \"com.zaxxer\",\n            \"component_version\": \"3.1.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Ultimate JDBC Connection Pool\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"slf4j-api\",\n            \"component_group\": \"org.slf4j\",\n            \"component_version\": \"1.7.25\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The slf4j API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-context\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Context\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-aop\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring AOP\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-beans\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Beans\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-core\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Core\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-jcl\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Commons Logging Bridge\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-expression\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Expression Language (SpEL)\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"postgresql\",\n            \"component_group\": \"org.postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"PostgreSQL JDBC Driver Postgresql\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"checker-qual\",\n            \"component_group\": \"org.checkerframework\",\n            \"component_version\": \"3.42.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"sqljdbc4\",\n            \"component_group\": \"com.microsoft.sqlserver\",\n            \"component_version\": \"4.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"POM was created by Sonatype Nexus\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"sqlite-jdbc\",\n            \"component_group\": \"org.xerial\",\n            \"component_version\": \"3.25.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"SQLite JDBC library\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-core\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core Jackson processing abstractions (aka Streaming API), implementation for JSON\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_group\": \"org.apache.logging.log4j\",\n            \"component_version\": \"2.17.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Log4j SLF4J API binding to Log4j 2 Core\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"log4j-api\",\n            \"component_group\": \"org.apache.logging.log4j\",\n            \"component_version\": \"2.17.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Log4j API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"log4j-core\",\n            \"component_group\": \"org.apache.logging.log4j\",\n            \"component_version\": \"2.17.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Log4j Implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"joda-time\",\n            \"component_group\": \"joda-time\",\n            \"component_version\": \"2.9.9\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Date and time library to replace JDK date handling\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"guava\",\n            \"component_group\": \"com.google.guava\",\n            \"component_version\": \"22.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jsr305\",\n            \"component_group\": \"com.google.code.findbugs\",\n            \"component_version\": \"1.3.9\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JSR305 Annotations for Findbugs\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"error_prone_annotations\",\n            \"component_group\": \"com.google.errorprone\",\n            \"component_version\": \"2.0.18\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"j2objc-annotations\",\n            \"component_group\": \"com.google.j2objc\",\n            \"component_version\": \"1.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"animal-sniffer-annotations\",\n            \"component_group\": \"org.codehaus.mojo\",\n            \"component_version\": \"1.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Animal Sniffer Parent project.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jaxb-api\",\n            \"component_group\": \"javax.xml.bind\",\n            \"component_version\": \"2.4.0-b180830.0359\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JAXB (JSR 222) API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javax.activation-api\",\n            \"component_group\": \"javax.activation\",\n            \"component_version\": \"1.2.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JavaBeans Activation Framework API jar\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core-swagger\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"swagger-annotations\",\n            \"component_group\": \"io.swagger.core.v3\",\n            \"component_version\": \"2.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"swagger-core\",\n            \"component_group\": \"io.swagger.core.v3\",\n            \"component_version\": \"2.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jaxb-api\",\n            \"component_group\": \"javax.xml.bind\",\n            \"component_version\": \"2.3.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JAXB (JSR 222) API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-lang3\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"3.7\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-annotations\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.9.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core annotations used for value types, used by Jackson data binding package.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-databind\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.9.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-dataformat-yaml\",\n            \"component_group\": \"com.fasterxml.jackson.dataformat\",\n            \"component_version\": \"2.9.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Support for reading and writing YAML-encoded data via Jackson abstractions.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"snakeyaml\",\n            \"component_group\": \"org.yaml\",\n            \"component_version\": \"1.18\",\n            \"component_type\": \"library\",\n            \"component_description\": \"YAML 1.1 parser and emitter for Java\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"swagger-models\",\n            \"component_group\": \"io.swagger.core.v3\",\n            \"component_version\": \"2.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"validation-api\",\n            \"component_group\": \"javax.validation\",\n            \"component_version\": \"1.1.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Bean Validation API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-core\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.16.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core Jackson processing abstractions (aka Streaming API), implementation for JSON\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"vertx-codegen\",\n            \"component_group\": \"io.vertx\",\n            \"component_version\": \"4.5.14\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core-dto\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"AlphaNumDataCipher\",\n            \"component_group\": \"hub.ebb.cipher\",\n            \"component_version\": \"1.0.0\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javapoet\",\n            \"component_group\": \"com.squareup\",\n            \"component_version\": \"1.9.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Use beautiful Java code to generate beautiful Java code.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core-dao\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-dbutils\",\n            \"component_group\": \"commons-dbutils\",\n            \"component_version\": \"1.7\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Commons DbUtils package is a set of Java utility classes for easing JDBC development.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core-external-modules\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-core\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-common\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jps-authentication\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jps-event-service\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-console\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jps-peripheral-status\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jps-command\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-configuration\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"flyway-core\",\n            \"component_group\": \"org.flywaydb\",\n            \"component_version\": \"6.0.7\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Flyway: Database Migrations Made Easy.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-tree-park-service\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-rates-model\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jaxb-impl\",\n            \"component_group\": \"com.sun.xml.bind\",\n            \"component_version\": \"3.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Old JAXB Runtime module. Contains sources required for runtime processing.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jaxb-core\",\n            \"component_group\": \"com.sun.xml.bind\",\n            \"component_version\": \"3.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Old JAXB Core module. Contains sources required by XJC, JXC and Runtime modules with dependencies.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jakarta.xml.bind-api\",\n            \"component_group\": \"jakarta.xml.bind\",\n            \"component_version\": \"3.0.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Jakarta XML Binding API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jakarta.activation\",\n            \"component_group\": \"com.sun.activation\",\n            \"component_version\": \"2.0.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Jakarta Activation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-rates-configuration\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-account-crud\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-account\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-configurator\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-lpr-gateway\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"passport\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"activemq-client\",\n            \"component_group\": \"org.apache.activemq\",\n            \"component_version\": \"5.16.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The ActiveMQ Client implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"slf4j-api\",\n            \"component_group\": \"org.slf4j\",\n            \"component_version\": \"1.7.36\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The slf4j API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"geronimo-jms_1.1_spec\",\n            \"component_group\": \"org.apache.geronimo.specs\",\n            \"component_version\": \"1.1.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Provides open-source implementations of Sun specifications.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"hawtbuf\",\n            \"component_group\": \"org.fusesource.hawtbuf\",\n            \"component_version\": \"1.11\",\n            \"component_type\": \"library\",\n            \"component_description\": \"HawtBuf: a rich byte buffer library\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"geronimo-j2ee-management_1.1_spec\",\n            \"component_group\": \"org.apache.geronimo.specs\",\n            \"component_version\": \"1.0.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Provides open-source implementations of Sun specifications.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-jms\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring JMS\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-messaging\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Messaging\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-tx\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.39\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Transaction\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-databind\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"component_group\": \"com.fasterxml.jackson.dataformat\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Data format extension for Jackson to offer alternative support for serializing POJOs as XML and deserializing XML as pojos.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"stax2-api\",\n            \"component_group\": \"org.codehaus.woodstox\",\n            \"component_version\": \"4.2.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Stax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"woodstox-core\",\n            \"component_group\": \"com.fasterxml.woodstox\",\n            \"component_version\": \"7.0.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Woodstox is a high-performance XML processor that implements Stax (JSR-173), SAX2 and Stax2 APIs\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-annotations\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core annotations used for value types, used by Jackson data binding package.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-jaxrs-json-provider\",\n            \"component_group\": \"com.fasterxml.jackson.jaxrs\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-jaxrs-base\",\n            \"component_group\": \"com.fasterxml.jackson.jaxrs\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Pile of code that is shared by all Jackson-based JAX-RS providers.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-module-jaxb-annotations\",\n            \"component_group\": \"com.fasterxml.jackson.module\",\n            \"component_version\": \"2.18.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Support for using JAXB annotations as an alternative to \\\"native\\\" Jackson annotations, for configuring data-binding.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jakarta.activation-api\",\n            \"component_group\": \"jakarta.activation\",\n            \"component_version\": \"1.2.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Jakarta Activation API jar\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jps-card-validation\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-operation\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-action\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-printing\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"pdfbox\",\n            \"component_group\": \"org.apache.pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache PDFBox library is an open source Java tool for working with PDF documents.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"fontbox\",\n            \"component_group\": \"org.apache.pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-logging\",\n            \"component_group\": \"commons-logging\",\n            \"component_version\": \"1.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"itext\",\n            \"component_group\": \"com.lowagie\",\n            \"component_version\": \"2.1.7\",\n            \"component_type\": \"library\",\n            \"component_description\": \"iText, a free Java-PDF library\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bcmail-jdk14\",\n            \"component_group\": \"bouncycastle\",\n            \"component_version\": \"138\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bcprov-jdk14\",\n            \"component_group\": \"bouncycastle\",\n            \"component_version\": \"138\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bctsp-jdk14\",\n            \"component_group\": \"org.bouncycastle\",\n            \"component_version\": \"1.38\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Bouncy Castle Java API for handling the Time Stamp Protocol (TSP). This jar contains the TSP API for JDK 1.4. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bcprov-jdk14\",\n            \"component_group\": \"org.bouncycastle\",\n            \"component_version\": \"1.38\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.4.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bcmail-jdk14\",\n            \"component_group\": \"org.bouncycastle\",\n            \"component_version\": \"1.38\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Bouncy Castle Java CMS and S/MIME APIs for handling the CMS and S/MIME protocols. This jar contains CMS and S/MIME APIs for JDK 1.4. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. If the S/MIME API is used, the JavaMail API and the Java activation framework will also be needed.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-supervisor\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-fcj\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-action-calendar\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-core\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-api\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Drools and jBPM public API which is backwards compatible between releases.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-internal\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Drools and jBPM internal API which is NOT backwards compatible between releases.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-soup-xstream\",\n            \"component_group\": \"org.kie.soup\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Collection of XStream utilities (not depending on any other KIE Soup module) for KIE Soup.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-core-reflective\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-core-dynamic\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"slf4j-api\",\n            \"component_group\": \"org.slf4j\",\n            \"component_version\": \"1.7.30\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The slf4j API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-codec\",\n            \"component_group\": \"commons-codec\",\n            \"component_version\": \"1.15\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-templates\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-mvel\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-soup-project-datamodel-commons\",\n            \"component_group\": \"org.kie.soup\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The parent contains all metadata (including plugins) and also dependency versions. All KIE Soup modules (except for user BOMs like 'kie-soup-bom') should (transitively) inherit from this POM.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-soup-project-datamodel-api\",\n            \"component_group\": \"org.kie.soup\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The parent contains all metadata (including plugins) and also dependency versions. All KIE Soup modules (except for user BOMs like 'kie-soup-bom') should (transitively) inherit from this POM.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-compiler\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-memory-compiler\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Utility module to compile and load in a classloader programmatically generated Java Source Files\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-ecj\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-soup-maven-support\",\n            \"component_group\": \"org.kie.soup\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The parent contains all metadata (including plugins) and also dependency versions. All KIE Soup modules (except for user BOMs like 'kie-soup-bom') should (transitively) inherit from this POM.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"antlr-runtime\",\n            \"component_group\": \"org.antlr\",\n            \"component_version\": \"3.5.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"xstream\",\n            \"component_group\": \"com.thoughtworks.xstream\",\n            \"component_version\": \"1.4.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"XStream is a serialization library from Java objects to XML and back.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"mxparser\",\n            \"component_group\": \"io.github.x-stream\",\n            \"component_version\": \"1.2.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"MXParser is a fork of xpp3_min 1.1.7 containing only the parser with merged changes of the Plexus fork.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"xmlpull\",\n            \"component_group\": \"xmlpull\",\n            \"component_version\": \"1.1.3.1\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-decisiontables\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_group\": \"org.apache.poi\",\n            \"component_version\": \"4.1.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache POI - Java API To Access Microsoft Format Files\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"poi-ooxml-schemas\",\n            \"component_group\": \"org.apache.poi\",\n            \"component_version\": \"4.1.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache POI - Java API To Access Microsoft Format Files\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"xmlbeans\",\n            \"component_group\": \"org.apache.xmlbeans\",\n            \"component_version\": \"3.1.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"XmlBeans main jar\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-compress\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"1.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"curvesapi\",\n            \"component_group\": \"com.github.virtuald\",\n            \"component_version\": \"1.06\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"poi\",\n            \"component_group\": \"org.apache.poi\",\n            \"component_version\": \"4.1.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache POI - Java API To Access Microsoft Format Files\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-collections4\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"4.4\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-math3\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"3.6.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"SparseBitSet\",\n            \"component_group\": \"com.zaxxer\",\n            \"component_version\": \"1.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"An efficient sparse bitset implementation for Java\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-spring\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools and jBPM integration for Spring.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_group\": \"org.jbpm\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"jBPM Flow\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-serialization-protobuf\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-soup-commons\",\n            \"component_group\": \"org.kie.soup\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Collection of reusable (not depending on any other KIE Soup module) components for KIE Soup.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-dmn-api\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Top level pom for the KIE DMN support implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-dmn-feel\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Top level pom for the KIE DMN support implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-dmn-model\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Top level pom for the KIE DMN support implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"antlr4-runtime\",\n            \"component_group\": \"org.antlr\",\n            \"component_version\": \"4.9.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The ANTLR 4 Runtime\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javaparser-core\",\n            \"component_group\": \"com.github.javaparser\",\n            \"component_version\": \"3.23.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The core parser functionality. This may be all you need.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"big-math\",\n            \"component_group\": \"ch.obermuhlner\",\n            \"component_version\": \"2.0.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Math functions for BigDecimal.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-dmn-core\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Top level pom for the KIE DMN support implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"kie-dmn-backend\",\n            \"component_group\": \"org.kie\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Top level pom for the KIE DMN support implementation\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-ruleunit\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-canonical-model\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-model-compiler\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-mvel-compiler\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-mvel-parser\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Parsing of constraints in LHS\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"drools-alphanetwork-compiler\",\n            \"component_group\": \"org.drools\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"pmml-model\",\n            \"component_group\": \"org.jpmml\",\n            \"component_version\": \"1.5.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JPMML class model\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"pmml-agent\",\n            \"component_group\": \"org.jpmml\",\n            \"component_version\": \"1.5.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JPMML Java agent for class model\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"protobuf-java\",\n            \"component_group\": \"com.google.protobuf\",\n            \"component_version\": \"3.19.4\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-lang3\",\n            \"component_group\": \"org.apache.commons\",\n            \"component_version\": \"3.11\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-databind\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-annotations\",\n            \"component_group\": \"com.fasterxml.jackson.core\",\n            \"component_version\": \"2.12.6\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Core annotations used for value types, used by Jackson data binding package.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jackson-datatype-jsr310\",\n            \"component_group\": \"com.fasterxml.jackson.datatype\",\n            \"component_version\": \"2.12.6\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Add-on module to support JSR-310 (Java 8 Date & Time API) data types.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-tx\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Transaction\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-core\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Core\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-jcl\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Commons Logging Bridge\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-beans\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Beans\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-context\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Context\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-aop\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring AOP\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"spring-expression\",\n            \"component_group\": \"org.springframework\",\n            \"component_version\": \"5.3.19\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Spring Expression Language (SpEL)\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"mvel2\",\n            \"component_group\": \"org.mvel\",\n            \"component_version\": \"2.5.2.Final\",\n            \"component_type\": \"library\",\n            \"component_description\": \"MVEL is a powerful expression language for Java-based applications. It provides a plethora of features and is suited for everything from the smallest property binding and extraction, to full blown scripts.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"guava\",\n            \"component_group\": \"com.google.guava\",\n            \"component_version\": \"31.1-jre\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"failureaccess\",\n            \"component_group\": \"com.google.guava\",\n            \"component_version\": \"1.0.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Contains com.google.common.util.concurrent.internal.InternalFutureFailureAccess and InternalFutures. Most users will never need to use this artifact. Its classes is conceptually a part of Guava, but they're in this separate artifact so that Android libraries can use them without pulling in all of Guava (just as they can use ListenableFuture by depending on the listenablefuture artifact).\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"listenablefuture\",\n            \"component_group\": \"com.google.guava\",\n            \"component_version\": \"9999.0-empty-to-avoid-conflict-with-guava\",\n            \"component_type\": \"library\",\n            \"component_description\": \"An empty artifact that Guava depends on to signal that it is providing ListenableFuture -- but is also available in a second \\\"version\\\" that contains com.google.common.util.concurrent.ListenableFuture class, without any other Guava classes. The idea is: - If users want only ListenableFuture, they depend on listenablefuture-1.0. - If users want all of Guava, they depend on guava, which, as of Guava 27.0, depends on listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-... version number is enough for some build systems (notably, Gradle) to select that empty artifact over the \\\"real\\\" listenablefuture-1.0 -- avoiding a conflict with the copy of ListenableFuture in guava itself. If users are using an older version of Guava or a build system other than Gradle, they may see class conflicts. If so, they can solve them by manually excluding the listenablefuture artifact or manually forcing their build systems to use 9999.0-....\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jsr305\",\n            \"component_group\": \"com.google.code.findbugs\",\n            \"component_version\": \"3.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"JSR305 Annotations for Findbugs\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"checker-qual\",\n            \"component_group\": \"org.checkerframework\",\n            \"component_version\": \"3.12.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"error_prone_annotations\",\n            \"component_group\": \"com.google.errorprone\",\n            \"component_version\": \"2.11.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"j2objc-annotations\",\n            \"component_group\": \"com.google.j2objc\",\n            \"component_version\": \"1.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-io\",\n            \"component_group\": \"commons-io\",\n            \"component_version\": \"2.11.0\",\n            \"component_type\": \"library\",\n            \"component_description\": \"The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"quartz\",\n            \"component_group\": \"org.quartz-scheduler\",\n            \"component_version\": \"2.2.3\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Enterprise Job Scheduler\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"c3p0\",\n            \"component_group\": \"c3p0\",\n            \"component_version\": \"0.9.1.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"cron-utils\",\n            \"component_group\": \"com.cronutils\",\n            \"component_version\": \"7.0.2\",\n            \"component_type\": \"library\",\n            \"component_description\": \"A Java library to parse, migrate and validate crons as well as describe them in human readable language\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jsoup\",\n            \"component_group\": \"org.jsoup\",\n            \"component_version\": \"1.9.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"jsoup HTML parser\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"velocity\",\n            \"component_group\": \"velocity\",\n            \"component_version\": \"1.5\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Apache Velocity is a general purpose template engine.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-collections\",\n            \"component_group\": \"commons-collections\",\n            \"component_version\": \"3.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Types that extend and augment the Java Collections Framework.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"commons-lang\",\n            \"component_group\": \"commons-lang\",\n            \"component_version\": \"2.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Commons.Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"oro\",\n            \"component_group\": \"oro\",\n            \"component_version\": \"2.0.8\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"bad-lpr\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-monitoring\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-jms-tiered-pricing\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-rates\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-event\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-payment\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-integration\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-integration-api\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-integration-intercomp\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"javax.ws.rs-api\",\n            \"component_group\": \"javax.ws.rs\",\n            \"component_version\": \"2.1.1\",\n            \"component_type\": \"library\",\n            \"component_description\": \"Java API for RESTful Web Services\",\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-integration-parkeon\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-integration-service\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"onstreet-assembly\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        },\n        {\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_name\": \"jbl-assembly\",\n            \"component_group\": \"hub.ebb\",\n            \"component_version\": \"1.34.0.3-SNAPSHOT\",\n            \"component_type\": \"library\",\n            \"component_description\": null,\n            \"created_at\": \"2026-01-16T10:29:52.909Z\",\n            \"generated_at\": \"2026-01-14T14:55:31.000Z\"\n        }\n    ]\n}"}],"_postman_id":"e3da0de8-0480-4ab4-af76-2a559c82961a"}],"id":"5cb0aa2c-7370-429b-932a-9db06161081a","_postman_id":"5cb0aa2c-7370-429b-932a-9db06161081a","description":""},{"name":"Dashboards","item":[{"name":"Total Vulnerabilities","id":"1f46d4f8-b935-4d29-be38-53cb52fe6cd7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/total","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","total"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"70a665a1-cbf2-42db-a3b3-7d307a0dd171","name":"Total Vulnerabilities","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/total"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"142"},{"key":"ETag","value":"W/\"8e-+fzJ6eGeKM/qio9r9QzrUmDv8WU\""},{"key":"Date","value":"Wed, 28 Jan 2026 15:37:35 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"product_name\": \"jbl\",\n            \"total_vulnerabilities\": 1343\n        },\n        {\n            \"product_name\": \"janus-aggregator\",\n            \"total_vulnerabilities\": 7639\n        }\n    ]\n}"}],"_postman_id":"1f46d4f8-b935-4d29-be38-53cb52fe6cd7"},{"name":"Total Vulnerabilities Jbl","id":"5ceb9e9b-01a2-4947-931e-84d11bb320eb","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/total?productName=jbl","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","total"],"host":["{{sl-host}}"],"query":[{"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"ed8de9b7-f107-4572-8d3f-23e42fe7a518","name":"Total Vulnerabilities Jbl","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/vulnerabilities/total?productName=jbl","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","vulnerabilities","total"],"query":[{"key":"productName","value":"jbl","type":"text"}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"56"},{"key":"ETag","value":"W/\"38-pW9LuOd8b1DZLas33e50IjeWnYY\""},{"key":"Date","value":"Wed, 28 Jan 2026 09:39:57 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"total_vulnerabilities\": 1343\n        }\n    ]\n}"}],"_postman_id":"5ceb9e9b-01a2-4947-931e-84d11bb320eb"},{"name":"Total Vulnerabilities Jms","id":"4831cad0-c9df-4693-a855-1e28f97ce719","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/total?productName=jms","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","total"],"host":["{{sl-host}}"],"query":[{"key":"productName","value":"jms"}],"variable":[]}},"response":[{"id":"c09a0a43-c198-4ebf-8046-dca4a7640889","name":"Total Vulnerabilities Jms","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/vulnerabilities/total?productName=jms","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","vulnerabilities","total"],"query":[{"key":"productName","value":"jms","type":"text"}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"56"},{"key":"ETag","value":"W/\"38-TGFNNA+fMgHdPYPsLqxxe8NsJ4A\""},{"key":"Date","value":"Wed, 28 Jan 2026 09:41:42 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"total_vulnerabilities\": 7639\n        }\n    ]\n}"}],"_postman_id":"4831cad0-c9df-4693-a855-1e28f97ce719"},{"name":"Vulnerabilities by Severity","id":"e77940ee-2bd9-48fe-b3c8-6a68ac4e0578","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/severity","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","severity"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"30c1d7ec-ad8d-4938-af1d-835d31b4fddf","name":"Vulnerabilities by Severity","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/vulnerabilities/severity","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","vulnerabilities","severity"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"212"},{"key":"ETag","value":"W/\"d4-R2bB9oWGLZfYWHaGntSWiW5s9mE\""},{"key":"Date","value":"Wed, 28 Jan 2026 09:50:06 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"critical_count\": 239,\n            \"high_count\": 509,\n            \"medium_count\": 562,\n            \"low_count\": 33,\n            \"unknown_count\": 0\n        },\n        {\n            \"critical_count\": 860,\n            \"high_count\": 2465,\n            \"medium_count\": 3876,\n            \"low_count\": 438,\n            \"unknown_count\": 0\n        }\n    ]\n}"}],"_postman_id":"e77940ee-2bd9-48fe-b3c8-6a68ac4e0578"},{"name":"Components Scanned Count","id":"2e692f72-e6dc-41b3-a636-e0601177b3b5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/components-scanned","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","components-scanned"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"d632f906-395e-4b90-88d8-5712d5e55a7e","name":"Components Scanned Count","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/vulnerabilities/components-scanned","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","vulnerabilities","components-scanned"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"79"},{"key":"ETag","value":"W/\"4f-4Y7vAPYLXSM2nUOEzB5yjK1nUmI\""},{"key":"Date","value":"Wed, 28 Jan 2026 09:51:11 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"components_scanned\": 158\n        },\n        {\n            \"components_scanned\": 461\n        }\n    ]\n}"}],"_postman_id":"2e692f72-e6dc-41b3-a636-e0601177b3b5"},{"name":"Severity Distribution (Histogram)","id":"a3eff059-cb8a-42ec-8ff3-dbf492fb1b7f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/distribution","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","distribution"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"9dd979e0-841a-4298-bcb8-57ec91e8e455","name":"Severity Distribution (Histogram)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/vulnerabilities/distribution","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","vulnerabilities","distribution"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"763"},{"key":"ETag","value":"W/\"2fb-uXrMJA22y/74+PEeU9SjTL/NEX0\""},{"key":"Date","value":"Wed, 28 Jan 2026 09:53:06 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"score_bin_start\": 2,\n            \"count_in_bin\": \"10\"\n        },\n        {\n            \"score_bin_start\": 2.5,\n            \"count_in_bin\": \"21\"\n        },\n        {\n            \"score_bin_start\": 3,\n            \"count_in_bin\": \"27\"\n        },\n        {\n            \"score_bin_start\": 3.5,\n            \"count_in_bin\": \"31\"\n        },\n        {\n            \"score_bin_start\": 4,\n            \"count_in_bin\": \"84\"\n        },\n        {\n            \"score_bin_start\": 4.5,\n            \"count_in_bin\": \"32\"\n        },\n        {\n            \"score_bin_start\": 5,\n            \"count_in_bin\": \"198\"\n        },\n        {\n            \"score_bin_start\": 5.5,\n            \"count_in_bin\": \"195\"\n        },\n        {\n            \"score_bin_start\": 6,\n            \"count_in_bin\": \"92\"\n        },\n        {\n            \"score_bin_start\": 6.5,\n            \"count_in_bin\": \"146\"\n        },\n        {\n            \"score_bin_start\": 7,\n            \"count_in_bin\": \"81\"\n        },\n        {\n            \"score_bin_start\": 7.5,\n            \"count_in_bin\": \"676\"\n        },\n        {\n            \"score_bin_start\": 8,\n            \"count_in_bin\": \"231\"\n        },\n        {\n            \"score_bin_start\": 8.5,\n            \"count_in_bin\": \"131\"\n        },\n        {\n            \"score_bin_start\": 9,\n            \"count_in_bin\": \"51\"\n        },\n        {\n            \"score_bin_start\": 9.5,\n            \"count_in_bin\": \"340\"\n        },\n        {\n            \"score_bin_start\": 10,\n            \"count_in_bin\": \"11\"\n        }\n    ]\n}"}],"_postman_id":"a3eff059-cb8a-42ec-8ff3-dbf492fb1b7f"},{"name":"Vulnerability Severity per Component (Matrix)","id":"95a751e0-edf0-4a35-9572-7b3ed3c24cb6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/matrix","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","matrix"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"3e656161-8081-487f-98b7-f329785c58ac","name":"Vulnerability per Severity","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/vulnerabilities/matrix","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","vulnerabilities","matrix"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"4869"},{"key":"ETag","value":"W/\"1305-Tx3JLTMGmPU4DKrdSBrevZ3u5mk\""},{"key":"Date","value":"Wed, 28 Jan 2026 09:54:45 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"component_name\": \"commons-httpclient\",\n            \"average_score\": null,\n            \"total_cves\": \"1\"\n        },\n        {\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"average_score\": null,\n            \"total_cves\": \"10\"\n        },\n        {\n            \"component_name\": \"httpasyncclient\",\n            \"average_score\": null,\n            \"total_cves\": \"1\"\n        },\n        {\n            \"component_name\": \"commons-collections\",\n            \"average_score\": null,\n            \"total_cves\": \"3\"\n        },\n        {\n            \"component_name\": \"spring-integration-file\",\n            \"average_score\": \"9.8\",\n            \"total_cves\": \"2\"\n        },\n        {\n            \"component_name\": \"spring-integration-core\",\n            \"average_score\": \"9.8\",\n            \"total_cves\": \"2\"\n        },\n        {\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"average_score\": \"9.2\",\n            \"total_cves\": \"4\"\n        },\n        {\n            \"component_name\": \"xmlbeans\",\n            \"average_score\": \"9.1\",\n            \"total_cves\": \"2\"\n        },\n        {\n            \"component_name\": \"drools-core\",\n            \"average_score\": \"9.0\",\n            \"total_cves\": \"6\"\n        },\n        {\n            \"component_name\": \"drools-mvel\",\n            \"average_score\": \"9.0\",\n            \"total_cves\": \"3\"\n        },\n        {\n            \"component_name\": \"jackson-databind\",\n            \"average_score\": \"8.6\",\n            \"total_cves\": \"420\"\n        },\n        {\n            \"component_name\": \"jackrabbit-core\",\n            \"average_score\": \"8.5\",\n            \"total_cves\": \"6\"\n        },\n        {\n            \"component_name\": \"groovy-all\",\n            \"average_score\": \"8.4\",\n            \"total_cves\": \"3\"\n        },\n        {\n            \"component_name\": \"commons-beanutils\",\n            \"average_score\": \"8.1\",\n            \"total_cves\": \"3\"\n        },\n        {\n            \"component_name\": \"log4j-to-slf4j\",\n            \"average_score\": \"8.0\",\n            \"total_cves\": \"14\"\n        },\n        {\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"average_score\": \"8.0\",\n            \"total_cves\": \"14\"\n        },\n        {\n            \"component_name\": \"log4j\",\n            \"average_score\": \"8.0\",\n            \"total_cves\": \"14\"\n        },\n        {\n            \"component_name\": \"hazelcast\",\n            \"average_score\": \"8.0\",\n            \"total_cves\": \"8\"\n        },\n        {\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"average_score\": \"7.9\",\n            \"total_cves\": \"8\"\n        },\n        {\n            \"component_name\": \"vertx-core\",\n            \"average_score\": \"7.9\",\n            \"total_cves\": \"9\"\n        },\n        {\n            \"component_name\": \"derby\",\n            \"average_score\": \"7.9\",\n            \"total_cves\": \"16\"\n        },\n        {\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"average_score\": \"7.9\",\n            \"total_cves\": \"8\"\n        },\n        {\n            \"component_name\": \"grpc-api\",\n            \"average_score\": \"7.9\",\n            \"total_cves\": \"13\"\n        },\n        {\n            \"component_name\": \"gson\",\n            \"average_score\": \"7.7\",\n            \"total_cves\": \"2\"\n        },\n        {\n            \"component_name\": \"camel-core\",\n            \"average_score\": \"7.7\",\n            \"total_cves\": \"28\"\n        },\n        {\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"average_score\": \"7.5\",\n            \"total_cves\": \"86\"\n        },\n        {\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"average_score\": \"7.5\",\n            \"total_cves\": \"43\"\n        },\n        {\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"average_score\": \"7.4\",\n            \"total_cves\": \"5\"\n        },\n        {\n            \"component_name\": \"spring-security-config\",\n            \"average_score\": \"7.2\",\n            \"total_cves\": \"19\"\n        },\n        {\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"average_score\": \"7.1\",\n            \"total_cves\": \"16\"\n        },\n        {\n            \"component_name\": \"protobuf-java\",\n            \"average_score\": \"7.1\",\n            \"total_cves\": \"14\"\n        },\n        {\n            \"component_name\": \"tomcat-dbcp\",\n            \"average_score\": \"7.1\",\n            \"total_cves\": \"466\"\n        },\n        {\n            \"component_name\": \"jstl\",\n            \"average_score\": \"7.1\",\n            \"total_cves\": \"233\"\n        },\n        {\n            \"component_name\": \"annotations-api\",\n            \"average_score\": \"7.1\",\n            \"total_cves\": \"233\"\n        },\n        {\n            \"component_name\": \"postgresql\",\n            \"average_score\": \"7.1\",\n            \"total_cves\": \"314\"\n        },\n        {\n            \"component_name\": \"tomcat-embed-core\",\n            \"average_score\": \"7.1\",\n            \"total_cves\": \"233\"\n        },\n        {\n            \"component_name\": \"netty-common\",\n            \"average_score\": \"6.9\",\n            \"total_cves\": \"84\"\n        },\n        {\n            \"component_name\": \"netty-codec-http2\",\n            \"average_score\": \"6.9\",\n            \"total_cves\": \"28\"\n        },\n        {\n            \"component_name\": \"netty-buffer\",\n            \"average_score\": \"6.9\",\n            \"total_cves\": \"56\"\n        },\n        {\n            \"component_name\": \"snakeyaml\",\n            \"average_score\": \"6.9\",\n            \"total_cves\": \"40\"\n        },\n        {\n            \"component_name\": \"servlet-api\",\n            \"average_score\": \"6.9\",\n            \"total_cves\": \"275\"\n        },\n        {\n            \"component_name\": \"netty-resolver-dns\",\n            \"average_score\": \"6.9\",\n            \"total_cves\": \"28\"\n        },\n        {\n            \"component_name\": \"commons-compress\",\n            \"average_score\": \"6.8\",\n            \"total_cves\": \"22\"\n        },\n        {\n            \"component_name\": \"spring-context\",\n            \"average_score\": \"6.7\",\n            \"total_cves\": \"80\"\n        },\n        {\n            \"component_name\": \"activemq-client\",\n            \"average_score\": \"6.7\",\n            \"total_cves\": \"98\"\n        },\n        {\n            \"component_name\": \"spring-tx\",\n            \"average_score\": \"6.7\",\n            \"total_cves\": \"40\"\n        },\n        {\n            \"component_name\": \"spring-expression\",\n            \"average_score\": \"6.7\",\n            \"total_cves\": \"40\"\n        },\n        {\n            \"component_name\": \"spring-messaging\",\n            \"average_score\": \"6.7\",\n            \"total_cves\": \"80\"\n        },\n        {\n            \"component_name\": \"tika-core\",\n            \"average_score\": \"6.6\",\n            \"total_cves\": \"25\"\n        },\n        {\n            \"component_name\": \"commons-net\",\n            \"average_score\": \"6.5\",\n            \"total_cves\": \"2\"\n        },\n        {\n            \"component_name\": \"pdfbox\",\n            \"average_score\": \"6.5\",\n            \"total_cves\": \"16\"\n        },\n        {\n            \"component_name\": \"ant\",\n            \"average_score\": \"6.2\",\n            \"total_cves\": \"4\"\n        },\n        {\n            \"component_name\": \"jetty-io\",\n            \"average_score\": \"6.1\",\n            \"total_cves\": \"42\"\n        },\n        {\n            \"component_name\": \"jetty-server\",\n            \"average_score\": \"6.1\",\n            \"total_cves\": \"42\"\n        },\n        {\n            \"component_name\": \"jetty-websocket\",\n            \"average_score\": \"6.1\",\n            \"total_cves\": \"42\"\n        },\n        {\n            \"component_name\": \"websocket-client\",\n            \"average_score\": \"6.1\",\n            \"total_cves\": \"42\"\n        },\n        {\n            \"component_name\": \"jetty-util\",\n            \"average_score\": \"6.1\",\n            \"total_cves\": \"42\"\n        },\n        {\n            \"component_name\": \"hibernate-validator\",\n            \"average_score\": \"6.1\",\n            \"total_cves\": \"1\"\n        },\n        {\n            \"component_name\": \"poi-ooxml\",\n            \"average_score\": \"5.8\",\n            \"total_cves\": \"20\"\n        },\n        {\n            \"component_name\": \"jbpm-flow\",\n            \"average_score\": \"5.4\",\n            \"total_cves\": \"8\"\n        },\n        {\n            \"component_name\": \"commons-lang\",\n            \"average_score\": \"5.3\",\n            \"total_cves\": \"2\"\n        },\n        {\n            \"component_name\": \"failureaccess\",\n            \"average_score\": \"4.9\",\n            \"total_cves\": \"3\"\n        },\n        {\n            \"component_name\": \"guava\",\n            \"average_score\": \"4.9\",\n            \"total_cves\": \"12\"\n        },\n        {\n            \"component_name\": \"commons-io\",\n            \"average_score\": \"4.6\",\n            \"total_cves\": \"8\"\n        }\n    ]\n}"}],"_postman_id":"95a751e0-edf0-4a35-9572-7b3ed3c24cb6"},{"name":"Detailed Scores","id":"7f0f1c4e-f211-4ce5-8c44-6ec65181c288","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/score-detailed","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","score-detailed"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"98712bdd-ffc9-4074-9450-dd992e0c9ba7","name":"Detailed Scores","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/vulnerabilities/score-detailed","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","vulnerabilities","score-detailed"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"2159"},{"key":"ETag","value":"W/\"86f-JcLr/74CeNItIBM16Y6S1kn5x8A\""},{"key":"Date","value":"Wed, 28 Jan 2026 09:56:08 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"precise_score\": \"10.0\",\n            \"total_count\": \"11\"\n        },\n        {\n            \"precise_score\": \"9.8\",\n            \"total_count\": \"334\"\n        },\n        {\n            \"precise_score\": \"9.6\",\n            \"total_count\": \"6\"\n        },\n        {\n            \"precise_score\": \"9.4\",\n            \"total_count\": \"6\"\n        },\n        {\n            \"precise_score\": \"9.3\",\n            \"total_count\": \"3\"\n        },\n        {\n            \"precise_score\": \"9.1\",\n            \"total_count\": \"39\"\n        },\n        {\n            \"precise_score\": \"9.0\",\n            \"total_count\": \"3\"\n        },\n        {\n            \"precise_score\": \"8.8\",\n            \"total_count\": \"113\"\n        },\n        {\n            \"precise_score\": \"8.6\",\n            \"total_count\": \"14\"\n        },\n        {\n            \"precise_score\": \"8.5\",\n            \"total_count\": \"4\"\n        },\n        {\n            \"precise_score\": \"8.4\",\n            \"total_count\": \"8\"\n        },\n        {\n            \"precise_score\": \"8.3\",\n            \"total_count\": \"7\"\n        },\n        {\n            \"precise_score\": \"8.1\",\n            \"total_count\": \"210\"\n        },\n        {\n            \"precise_score\": \"8.0\",\n            \"total_count\": \"6\"\n        },\n        {\n            \"precise_score\": \"7.8\",\n            \"total_count\": \"45\"\n        },\n        {\n            \"precise_score\": \"7.7\",\n            \"total_count\": \"8\"\n        },\n        {\n            \"precise_score\": \"7.6\",\n            \"total_count\": \"2\"\n        },\n        {\n            \"precise_score\": \"7.5\",\n            \"total_count\": \"621\"\n        },\n        {\n            \"precise_score\": \"7.4\",\n            \"total_count\": \"12\"\n        },\n        {\n            \"precise_score\": \"7.3\",\n            \"total_count\": \"15\"\n        },\n        {\n            \"precise_score\": \"7.2\",\n            \"total_count\": \"10\"\n        },\n        {\n            \"precise_score\": \"7.1\",\n            \"total_count\": \"10\"\n        },\n        {\n            \"precise_score\": \"7.0\",\n            \"total_count\": \"34\"\n        },\n        {\n            \"precise_score\": \"6.7\",\n            \"total_count\": \"2\"\n        },\n        {\n            \"precise_score\": \"6.6\",\n            \"total_count\": \"3\"\n        },\n        {\n            \"precise_score\": \"6.5\",\n            \"total_count\": \"141\"\n        },\n        {\n            \"precise_score\": \"6.4\",\n            \"total_count\": \"1\"\n        },\n        {\n            \"precise_score\": \"6.3\",\n            \"total_count\": \"14\"\n        },\n        {\n            \"precise_score\": \"6.2\",\n            \"total_count\": \"7\"\n        },\n        {\n            \"precise_score\": \"6.1\",\n            \"total_count\": \"70\"\n        },\n        {\n            \"precise_score\": \"5.9\",\n            \"total_count\": \"108\"\n        },\n        {\n            \"precise_score\": \"5.8\",\n            \"total_count\": \"7\"\n        },\n        {\n            \"precise_score\": \"5.6\",\n            \"total_count\": \"4\"\n        },\n        {\n            \"precise_score\": \"5.5\",\n            \"total_count\": \"76\"\n        },\n        {\n            \"precise_score\": \"5.4\",\n            \"total_count\": \"8\"\n        },\n        {\n            \"precise_score\": \"5.3\",\n            \"total_count\": \"184\"\n        },\n        {\n            \"precise_score\": \"5.2\",\n            \"total_count\": \"6\"\n        },\n        {\n            \"precise_score\": \"4.8\",\n            \"total_count\": \"26\"\n        },\n        {\n            \"precise_score\": \"4.7\",\n            \"total_count\": \"6\"\n        },\n        {\n            \"precise_score\": \"4.3\",\n            \"total_count\": \"73\"\n        },\n        {\n            \"precise_score\": \"4.2\",\n            \"total_count\": \"10\"\n        },\n        {\n            \"precise_score\": \"4.1\",\n            \"total_count\": \"1\"\n        },\n        {\n            \"precise_score\": \"3.7\",\n            \"total_count\": \"19\"\n        },\n        {\n            \"precise_score\": \"3.5\",\n            \"total_count\": \"12\"\n        },\n        {\n            \"precise_score\": \"3.3\",\n            \"total_count\": \"7\"\n        },\n        {\n            \"precise_score\": \"3.1\",\n            \"total_count\": \"20\"\n        },\n        {\n            \"precise_score\": \"2.9\",\n            \"total_count\": \"7\"\n        },\n        {\n            \"precise_score\": \"2.7\",\n            \"total_count\": \"14\"\n        },\n        {\n            \"precise_score\": \"2.4\",\n            \"total_count\": \"6\"\n        },\n        {\n            \"precise_score\": \"2.2\",\n            \"total_count\": \"4\"\n        }\n    ]\n}"}],"_postman_id":"7f0f1c4e-f211-4ce5-8c44-6ec65181c288"}],"id":"39586322-4c98-487a-ae2a-184b2fa0a0fa","_postman_id":"39586322-4c98-487a-ae2a-184b2fa0a0fa","description":""},{"name":"Vulnerability Reports","item":[{"name":"sbom-reports","id":"00b38d7b-db69-4247-9783-292c383dd1b9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom-reports","urlObject":{"port":"2999","path":["sbom-reports"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"},{"disabled":true,"key":"id","value":"7"}],"variable":[]}},"response":[{"id":"65a38f6a-a6b1-4899-90a5-4e9fc79f452f","name":"sbom-reports","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom-reports","host":["{{sl-host}}"],"port":"2999","path":["sbom-reports"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"756"},{"key":"ETag","value":"W/\"2f4-CowOIEdl+qS7EtuNsKFLbelJQSA\""},{"key":"Date","value":"Wed, 28 Jan 2026 15:16:19 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"id\": \"8\",\n            \"scan_date\": \"2026-01-21T13:59:57.222Z\",\n            \"product_name\": \"janus-aggregator\",\n            \"product_version\": \"1.35.0.9\",\n            \"enrichment_mode\": \"internal\",\n            \"total_vulnerabilities\": 7639,\n            \"critical_count\": 860,\n            \"high_count\": 2465,\n            \"medium_count\": 3876,\n            \"low_count\": 438,\n            \"components_scanned\": 461,\n            \"components_with_cves\": 215,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"7\",\n            \"scan_date\": \"2026-01-21T13:51:40.780Z\",\n            \"product_name\": \"jbl\",\n            \"product_version\": \"1.34.0.3-SNAPSHOT\",\n            \"enrichment_mode\": \"internal\",\n            \"total_vulnerabilities\": 1343,\n            \"critical_count\": 239,\n            \"high_count\": 509,\n            \"medium_count\": 562,\n            \"low_count\": 33,\n            \"components_scanned\": 158,\n            \"components_with_cves\": 67,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        }\n    ],\n    \"pagination\": {\n        \"page\": 1,\n        \"pageSize\": 20,\n        \"total\": 2,\n        \"totalPages\": 1\n    }\n}"}],"_postman_id":"00b38d7b-db69-4247-9783-292c383dd1b9"},{"name":"Dashboard Aggregate Stats","id":"099a9744-a305-40f5-92e7-54cb1c8b40cc","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom-reports/stats/dashboard?productName=jms","urlObject":{"port":"2999","path":["sbom-reports","stats","dashboard"],"host":["{{sl-host}}"],"query":[{"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"},{"disabled":true,"key":"days","value":"30"}],"variable":[]}},"response":[],"_postman_id":"099a9744-a305-40f5-92e7-54cb1c8b40cc"}],"id":"962b5652-cb94-4a84-87b5-067042dbe4b2","_postman_id":"962b5652-cb94-4a84-87b5-067042dbe4b2","description":""},{"name":"Network Graph","item":[{"name":"Graph Nodes (Global)","id":"2c3b1411-2554-4aa0-a35a-b3855bf99ecf","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/network-graph/nodes","urlObject":{"port":"2999","path":["sbom","parking","network-graph","nodes"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"2dce2533-1abf-4574-a835-d9a626f0709c","name":"Graph Nodes (Global)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/network-graph/nodes","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","network-graph","nodes"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"35612"},{"key":"ETag","value":"W/\"8b1c-ndaXrKbYT3Y0dCmpuSeID0//KR0\""},{"key":"Date","value":"Wed, 28 Jan 2026 09:58:49 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"id\": \"CVE-2025-23184\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-9493\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-0244\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-31811\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3623\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-2655\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7547\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1339\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"hazelcast\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"activemq-client\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2016-9878\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-3386\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-3376\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-31651\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6810\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-2145\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-53689\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-4772\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3625\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-1184\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0230\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-3509\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-11039\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-12545\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"netty-common\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2019-17571\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-12419\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-32007\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-28708\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"jetty-websocket\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2013-7315\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-5529\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-26117\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-10672\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"log4j-to-slf4j\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2007-1358\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-41079\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6814\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-23114\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3612\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-0450\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-2938\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-28657\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-0732\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11111\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5348\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-8161\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-31672\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5174\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-8037\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-1901\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-2313\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-22112\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-0232\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-1903\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-20229\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1115\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-11040\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-1932\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7861\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-39418\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-16335\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-0868\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-52520\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"tomcat-dbcp\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2012-3467\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-5408\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-35490\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-0808\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"commons-io\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2023-4785\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-2138\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11996\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-1169\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"geronimo-jta_1.1_spec\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2020-14060\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-10979\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-2370\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-10237\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-54677\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-33953\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11994\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-5425\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-5542\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11979\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10164\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-2090\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1052\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-12022\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-3164\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-4330\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10093\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-4548\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0241\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"jetty-io\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2014-0064\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-22259\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-34035\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-25695\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-9193\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-34305\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10247\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-4836\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-3620\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-5885\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-5085\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7484\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3577\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-13935\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-9775\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-4434\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"spring-expression\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2009-5046\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-41900\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14893\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-0265\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36186\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-32114\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-22371\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-8184\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-5421\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-12402\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-5540\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-52316\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-23305\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-8014\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-3192\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-54988\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-40690\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-24616\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-48795\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5351\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-0188\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-3229\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-13920\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-25329\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-3253\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-7768\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-4970\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36185\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1058\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36187\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-7216\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14379\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1394\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1313\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-2410\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-10969\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-12541\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-3083\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2000-1210\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-0714\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-25169\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-14061\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-1909\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-0682\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-42252\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-36090\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-5000\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36179\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-48734\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-28169\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0119\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-0002\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-12634\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-12537\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11998\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-20862\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-28163\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-8034\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-1938\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-0783\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2001-0829\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-15801\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-17638\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-1587\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-8125\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-12538\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-17531\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-5062\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-20883\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-1899\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11113\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-11965\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-0221\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36188\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-10915\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-11407\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-45648\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"spring-messaging\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2011-2526\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-2080\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0193\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-4703\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-6762\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-0033\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-28709\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-3088\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-34055\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1199\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-1447\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-46337\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-29885\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"netty-resolver-dns\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2007-0556\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-22570\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"jetty-util\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2019-10094\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1335\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-14798\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0034\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3488\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-25649\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-5515\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-23214\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-7246\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0003\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36518\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11612\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-3510\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-20863\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-17527\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-0684\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-38810\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-1419\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-2008\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"commons-compress\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2019-17267\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-4034\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-8017\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0054\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-23672\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-34042\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21409\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"tika-core\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2018-11762\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5288\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"pdfbox\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2019-12814\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-1000027\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-16850\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-1935\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-5647\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-0555\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-5653\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11620\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-3171\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-34981\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1148\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-3544\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-6357\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-58056\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-22234\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-7197\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-5797\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-26464\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6801\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-3385\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-36479\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7546\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-4444\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"jbpm-flow\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2009-2902\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"failureaccess\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2017-8359\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-12617\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-2483\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5289\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0035\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-41915\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2003-0043\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1397\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-42503\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-5643\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-3720\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-26049\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-1858\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10129\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"spring-security-config\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2023-5870\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-5651\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5253\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-1157\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-35515\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-5887\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-32732\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-2729\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1336\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2003-0042\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-10650\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2003-0901\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"commons-collections\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2020-10968\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-8391\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-12415\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-12542\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-3159\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-12624\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-1355\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-2232\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-9489\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-7217\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-8739\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-1415\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-1232\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-17197\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-38808\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"commons-httpclient\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2015-1832\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-67735\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-28752\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0061\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1304\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6809\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"spring-integration-file\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2007-4724\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-6551\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-1941\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-5786\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-42795\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10128\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-3546\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11973\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-44832\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-3488\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-1428\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-5568\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-53506\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-6465\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"drools-mvel\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2022-38749\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-2047\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-20330\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21295\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-7348\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-46701\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-17640\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-2160\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-12172\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-66169\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-34442\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-0247\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-10978\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-12536\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-25710\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-2191\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-12633\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-25696\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-8036\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3629\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-22950\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-37136\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-1582\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-1409\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6816\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1401\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-5868\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2000-0760\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-11272\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-35116\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-12384\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-20190\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-2048\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-22971\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-11307\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14540\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-5645\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-3375\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-2894\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5237\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3574\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2000-1199\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-9547\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-11796\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-5461\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"postgresql\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2023-36478\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21346\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-9431\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-30177\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-2693\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1402\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-4136\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"drools-core\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2020-35491\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-0255\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-48989\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0242\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-24750\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-22970\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-7559\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-12540\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-5034\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-68161\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10211\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-7238\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"groovy-all\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2009-0580\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36189\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-43980\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-6286\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-48988\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-37895\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36180\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-22119\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-0246\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-33879\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-7196\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-13934\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3529\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-20306\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-45105\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-21733\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21347\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-0935\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-49124\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-1999-0862\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-47535\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-8022\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-41678\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2001-0917\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-11797\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-2272\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-26308\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-0128\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-1475\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-35516\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0244\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"spring-tx\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2022-31690\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-11966\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"hibernate-validator\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2021-36373\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-20445\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-10977\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"ant\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2025-25193\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-23222\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-1471\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-0228\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5346\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-5064\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-1618\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-2007\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-36437\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-37137\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-12086\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-37533\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36181\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5345\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-1170\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-4286\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7545\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-4995\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21348\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-18640\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7657\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-4308\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-38751\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-45859\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"guava\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2011-4858\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3600\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-38286\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-23926\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-13954\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-8806\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-31692\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"poi-ooxml\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2007-3279\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-2156\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3584\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-13943\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-12544\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-10976\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-9546\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-48913\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-14349\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-3092\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-13936\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-29025\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"jetty-server\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2018-10925\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-41172\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-5869\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-4172\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10209\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-17485\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-22233\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0227\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-2314\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-4317\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-0985\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11972\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0099\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-15099\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21350\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-22978\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-31650\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-0022\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"spring-boot-starter-websocket\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"commons-net\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2024-24549\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-0866\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0114\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-5664\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-1410\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-38820\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"snakeyaml\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2020-26217\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-0026\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-8735\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-34750\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-4312\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-9823\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2003-0044\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1196\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-50379\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-2696\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-9735\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21345\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-4458\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-0013\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2001-1563\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"cxf-rt-transports-http\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2013-1880\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-20860\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-8747\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-5575\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-27223\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0201\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-5968\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6797\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1324\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-3718\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-36374\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-5063\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-1833\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-3271\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-0773\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-3165\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-31812\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-4152\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2003-0045\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-5045\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0062\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"httpasyncclient\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2022-23302\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-0803\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-30126\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-20861\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10241\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-4104\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-42004\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-5784\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-33037\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-4446\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-3835\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"jstl\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2022-41854\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-43767\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0096\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-0534\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-1183\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-12616\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-16869\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-26336\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"jackson-databind\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2018-1053\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-9774\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-24813\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-34428\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-3278\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-11761\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-3433\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-27533\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-2098\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-3156\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-38750\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-45860\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1305\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-12418\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-19362\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-0733\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1657\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-5886\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-7051\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-5644\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-52434\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-0762\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-2449\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-33813\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-4849\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-5005\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-28164\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-15706\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-8046\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2001-0590\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-14721\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-0442\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1257\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-14195\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21343\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-14062\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2000-0759\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-1900\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0109\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-30640\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"vertx-core\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2013-6429\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-4905\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-2733\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-5006\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6794\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-0105\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1272\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-4322\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-10733\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1338\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0065\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-22965\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-32029\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-1830\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-3510\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-22096\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-1948\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-25122\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-55754\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-12023\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-4269\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-27906\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2000-0672\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-11775\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"derby\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2015-6524\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-23307\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-22201\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-40167\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-41881\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-0553\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-5018\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-2227\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-20444\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-27772\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1895\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0226\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0203\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-55163\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-3383\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-30973\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7674\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"cxf-rt-frontend-jaxrs\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2014-9527\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-8908\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-3065\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-4800\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-17573\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-20873\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"protobuf-java\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2014-0075\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-5398\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-25857\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7656\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-32027\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-3166\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-2009\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-24823\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-14718\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-55668\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-17563\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-22060\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-2669\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1567\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-22968\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6325\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6796\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-17632\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-0782\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-1902\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-28165\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-3167\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-2193\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-17521\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-2076\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-5413\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-49125\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-2379\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-52318\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10130\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-14719\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-15095\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-0346\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-3384\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-17569\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-29736\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0095\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14892\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-1720\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-1240\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11112\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-6067\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"jackson-dataformat-xml\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2007-5333\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21351\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-3548\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-34429\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-4838\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-0194\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"wss4j-ws-security-dom\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2017-7486\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0066\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-3280\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36182\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7675\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-4431\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-1975\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"xmlbeans\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2021-41411\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-8749\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-1954\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-46363\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-32028\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-11771\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-16942\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-4460\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-25762\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-46589\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"netty-codec-http2\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2020-9488\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0223\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-3271\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-0763\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-15709\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-2185\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-27636\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1258\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-2901\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-25647\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0224\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5254\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-0766\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-3677\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-33265\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7658\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-3451\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-1950\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"commons-lang\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2021-30468\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-2450\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-22696\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-0213\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0264\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-2625\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-42003\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-2454\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-3393\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36183\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"annotations-api\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2015-0263\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21349\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-9484\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-3230\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21290\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-0936\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-0867\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"servlet-api\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2016-2175\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"spring-context\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2020-8840\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-15756\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-0678\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1399\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-45046\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-0222\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-29425\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-0223\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-42340\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-45143\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-2487\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0060\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0050\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-26987\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10086\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2010-4015\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-27218\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"grpc-api\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2017-7860\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-5424\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-27216\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-3489\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0067\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-5423\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-8110\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0033\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-3382\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-46604\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-0922\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-11784\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-0227\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1275\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-3060\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-7195\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-1947\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-34462\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-26168\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-6420\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1271\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0227\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11971\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-7810\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-22569\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-0734\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10088\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"tomcat-embed-core\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2020-1945\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36184\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2005-0245\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-10750\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-5388\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-44487\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-6600\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"websocket-client\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2023-2455\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-61795\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-8745\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-13009\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10208\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-43797\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-19360\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-7489\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-19361\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-24970\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"jackrabbit-core\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2017-7548\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-23181\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-1777\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-41080\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-8006\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-27807\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-66516\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-1088\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-1879\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-39417\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-4534\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-22118\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-5633\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-38752\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-47554\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-35517\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-14720\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-5648\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-6763\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-2071\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2003-0866\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-5519\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-0039\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-6153\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-4459\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1270\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-0706\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-3190\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0110\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-0781\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-2976\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-5541\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21344\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2004-0547\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-2204\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-46364\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-1552\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-48924\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7525\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2004-0977\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"log4j\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2019-10246\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10072\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-0972\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-25694\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2006-0254\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-13947\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21341\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1398\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-6092\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-0768\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-0201\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10210\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-30639\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-44228\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-0199\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6812\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-0038\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-9548\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-35728\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-10127\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-12423\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-12626\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-22369\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-2067\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"netty-buffer\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2002-2006\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-14350\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-21342\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-7048\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-29891\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-12406\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-8039\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14439\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-5650\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-4590\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-42794\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-6601\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5344\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"camel-core\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2002-1642\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-8027\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-58782\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2009-3231\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-9879\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-58057\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-32731\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0243\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-12615\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-34053\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-41862\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-56337\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2013-0239\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-52317\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2002-1400\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0002\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2008-5518\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-10673\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"spring-boot-starter-log4j\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2019-3795\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-2684\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-5342\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"commons-beanutils\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2023-34034\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3576\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-16943\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-22976\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-33264\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"spring-integration-core\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2021-46877\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-7485\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-22602\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2007-4769\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-26048\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-5656\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-3772\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-7254\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-2378\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"log4j-slf4j-impl\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2017-15098\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2012-2143\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-11619\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-24122\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2011-2481\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-6817\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-1951\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-0063\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-55752\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"gson\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2010-1244\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-5397\",\n            \"type\": \"CVE\"\n        }\n    ]\n}"}],"_postman_id":"2c3b1411-2554-4aa0-a35a-b3855bf99ecf"},{"name":"Graph Links","id":"d58b9496-8301-4a3d-bf08-77d21232dd4c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/network-graph/links","urlObject":{"port":"2999","path":["sbom","parking","network-graph","links"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"195d21e7-e0cd-4210-a655-8c7a3bdcc1c9","name":"Graph Links","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/network-graph/links","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","network-graph","links"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"306703"},{"key":"ETag","value":"W/\"4ae0f-0qsAxWY07NF+L2mkXM3+4LtzNBo\""},{"key":"Date","value":"Wed, 28 Jan 2026 10:01:34 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14718\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10673\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14719\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19361\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14540\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16335\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16942\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17531\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17267\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11113\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10969\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14062\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36518\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11111\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11112\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14060\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14061\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14195\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-25649\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35728\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36179\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36180\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36184\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36187\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36189\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-8840\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9546\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35490\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2022-24823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2015-2156\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-21290\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2022-41915\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2019-20444\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42003\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42004\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"vertx-core\",\n            \"target\": \"CVE-2018-12541\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"vertx-core\",\n            \"target\": \"CVE-2018-12544\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"vertx-core\",\n            \"target\": \"CVE-2025-11966\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.4\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2014-3488\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2019-20445\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-21295\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-21409\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-37137\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-43797\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2020-11612\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-24970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2015-2156\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2021-21290\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2022-41915\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-58057\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2019-20444\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2014-3488\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2019-20445\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2021-21295\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2021-21409\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2021-37137\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2023-34462\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-25193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2025-25193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-55163\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2025-55163\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2025-58056\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-67735\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2020-11612\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"hazelcast\",\n            \"target\": \"CVE-2016-10750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"hazelcast\",\n            \"target\": \"CVE-2020-26168\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"hazelcast\",\n            \"target\": \"CVE-2022-0265\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"hazelcast\",\n            \"target\": \"CVE-2023-33264\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"hazelcast\",\n            \"target\": \"CVE-2023-33265\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"hazelcast\",\n            \"target\": \"CVE-2023-45860\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2011-2894\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2013-4152\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2013-6429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2013-7315\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2014-0054\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2015-0201\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2016-9878\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-11039\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-11040\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1199\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1257\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1258\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1270\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1275\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-15756\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-15801\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2020-5421\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2021-22060\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"hazelcast\",\n            \"target\": \"CVE-2023-45859\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.6\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2016-1000027\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2014-3625\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"hazelcast\",\n            \"target\": \"CVE-2022-36437\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2025-58057\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2015-3192\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2025-67735\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2021-22118\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2022-22965\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2022-22968\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2022-22970\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2022-22971\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2023-20860\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2023-20861\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2023-20863\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2024-22233\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2024-22259\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2024-38808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-1999-0862\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2000-1199\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-0972\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1398\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1399\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1400\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1401\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1402\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1642\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1657\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2004-0547\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-0227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-0246\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-0247\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-1409\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-1410\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2023-34053\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2024-38820\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2021-22096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-0245\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2022-22950\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2003-0901\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-0244\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1397\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-0105\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-2313\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-5541\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-5542\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-0555\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-3278\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-3279\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-3280\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-4769\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-4772\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-6067\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-6600\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-6601\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-0922\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-3229\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-3230\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-3231\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-4034\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-4136\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-0442\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-0733\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-1169\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-1170\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-1447\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-1975\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-3433\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-0867\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-0868\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-1618\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-0553\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-4015\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-0678\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-2314\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-2138\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-5540\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2011-2483\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-2655\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-3488\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-3489\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-0255\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-1899\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-1900\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-1901\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-1902\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-1903\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0061\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0063\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0064\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0065\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0066\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-2669\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-8161\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-0241\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-0242\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-0243\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-0244\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-3165\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-3166\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-3167\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-5288\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-5289\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-0766\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-0768\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-0773\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-2193\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-3065\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-5423\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-7048\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0060\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0062\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0067\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-2143\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-12172\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.7\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-14798\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-15098\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7484\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7485\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7486\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7547\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7548\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-8806\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-1053\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-1058\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-10915\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-10925\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-16850\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10127\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10128\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10129\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10130\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10164\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10208\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10209\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10210\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10211\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-9193\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-10733\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-14349\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-14350\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-1720\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-25695\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-25696\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-20229\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-1115\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-25694\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7546\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-15099\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-23214\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-32028\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-32029\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-3393\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-3677\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-43767\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2022-1552\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2022-2625\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2022-41862\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-2454\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-2455\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-39417\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-39418\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-5868\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-5869\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-0985\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-10977\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-10979\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-4317\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-7348\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2017-5645\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2019-17571\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2021-4104\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2021-44228\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2021-44832\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.6\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2021-45046\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2022-23305\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-5870\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-10976\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-10978\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2022-23302\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2020-9488\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2020-9493\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2021-45105\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2022-23307\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2023-26464\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2018-10237\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2020-8908\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2023-2976\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"log4j-slf4j-impl\",\n            \"target\": \"CVE-2025-68161\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14718\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14719\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19361\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14540\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16335\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16942\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11113\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10969\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14062\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10673\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11111\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11112\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14060\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14061\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14195\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-25649\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35728\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36179\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36180\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36183\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36184\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36187\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35490\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2017-18640\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-1471\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-25857\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38749\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38750\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38751\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38752\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2010-0684\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2010-1244\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2010-1587\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2011-4905\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2012-6092\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2013-1879\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2013-1880\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2013-3060\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2014-3576\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2014-3600\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2014-3612\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2014-8110\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2015-1830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2015-5254\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2012-6551\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-41854\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36518\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-8840\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9546\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42003\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42004\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2015-6524\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2015-7559\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2016-0782\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2016-3088\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2017-15709\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2018-11775\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2019-0201\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2019-0222\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2019-10241\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2020-11998\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2020-13947\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2020-1941\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2020-26217\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21341\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21342\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21343\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21344\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21345\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21346\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21347\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21348\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21349\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21351\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-26117\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2022-41678\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2023-46604\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2025-27533\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2022-23305\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2016-0734\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2020-13920\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21350\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2018-8006\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14718\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10673\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14719\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16335\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16942\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17267\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17531\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14721\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11113\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10969\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14062\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36518\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11112\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14060\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14061\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14195\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-25649\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35728\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36179\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36180\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36184\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36187\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36189\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-8840\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9546\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35490\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-dataformat-xml\",\n            \"target\": \"CVE-2016-7051\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2018-11797\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2018-8036\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2019-0228\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2021-27807\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2021-27906\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2021-31811\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2021-31812\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"drools-core\",\n            \"target\": \"CVE-2014-8125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"drools-core\",\n            \"target\": \"CVE-2021-41411\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2012-0213\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2014-3529\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2014-3574\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2014-9527\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2016-5000\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2017-12626\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2017-5644\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2019-12415\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2022-26336\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2025-31672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"xmlbeans\",\n            \"target\": \"CVE-2021-23926\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2018-11771\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2018-1324\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2019-12402\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2021-35515\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2021-35516\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2021-35517\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"drools-core\",\n            \"target\": \"CVE-2022-1415\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2012-2098\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42003\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42004\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2021-36090\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2023-42503\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2024-25710\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2024-26308\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"jbpm-flow\",\n            \"target\": \"CVE-2013-6465\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"jbpm-flow\",\n            \"target\": \"CVE-2014-8125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jbpm-flow\",\n            \"target\": \"CVE-2017-7545\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"jbpm-flow\",\n            \"target\": \"CVE-2021-20306\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2015-5237\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2024-2410\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.6\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2024-7254\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-1258\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14718\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14719\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19361\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-7525\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11113\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10969\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14062\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10673\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17531\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11111\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11112\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11620\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16335\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16942\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14060\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14061\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14195\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-25649\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35728\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36179\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36180\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35490\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2011-2894\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2013-4152\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2013-6429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2013-7315\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2014-0054\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2015-0201\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2016-9878\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-11039\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-11040\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-1199\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-1257\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2014-3625\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36518\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2015-3192\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36184\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36187\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-8840\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9546\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9548\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42003\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-1270\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-1272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-1275\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-15756\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-15801\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2020-5421\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2021-22060\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2021-22118\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2022-22965\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2022-22968\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2022-22970\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2022-22971\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2023-20860\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2023-20861\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2023-20863\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2024-22233\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2024-22259\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2024-38808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2018-10237\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2020-8908\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2023-2976\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"failureaccess\",\n            \"target\": \"CVE-2018-10237\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"failureaccess\",\n            \"target\": \"CVE-2020-8908\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3\n        },\n        {\n            \"source\": \"failureaccess\",\n            \"target\": \"CVE-2023-2976\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"commons-io\",\n            \"target\": \"CVE-2021-29425\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"commons-io\",\n            \"target\": \"CVE-2024-47554\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"commons-collections\",\n            \"target\": \"CVE-2015-6420\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"commons-lang\",\n            \"target\": \"CVE-2025-48924\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-1999-0862\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2023-34053\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2024-38820\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2021-22096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2022-22950\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2020-5397\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2000-1199\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-0972\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1397\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1398\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1399\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1400\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1401\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1402\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1642\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2002-1657\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2003-0901\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2004-0547\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2004-0977\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-0227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-0244\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-0245\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-0246\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-0247\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-1409\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2005-1410\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-0105\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-0553\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-0678\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-2313\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-2314\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-5540\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-5541\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2006-5542\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-0555\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-0556\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-2138\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-3278\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-3279\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-3280\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-4769\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-4772\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-6067\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-6600\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-6601\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-0922\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-3229\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-3230\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-3231\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-4034\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2009-4136\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-0442\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-0733\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-1169\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-1170\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-1447\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-1975\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-3433\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2010-4015\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2011-2483\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-0866\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-0867\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-0868\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-1618\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-2143\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-2655\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-3488\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-3489\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-0255\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-1899\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-1900\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-1901\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-1902\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2013-1903\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0060\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0061\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0062\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0063\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0064\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0065\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0066\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-0067\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-2669\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2014-8161\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-0241\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-0242\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-0243\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-0244\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-3165\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-3166\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-3167\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-5288\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2015-5289\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-0766\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-0768\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-0773\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-2193\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-3065\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-5423\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-5424\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-7048\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-12172\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.7\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-14798\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-15098\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-15099\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7484\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7485\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7486\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7546\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7547\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-7548\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2017-8806\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-1052\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-1053\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-1058\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-10915\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-10925\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-1115\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2021-45105\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-16850\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10127\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10128\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10129\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10130\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10164\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10208\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10209\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10210\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-10211\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2019-9193\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-10733\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-14349\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-14350\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-1720\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-25694\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-25695\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2020-25696\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-20229\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-23214\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-23222\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-32027\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-32028\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-32029\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-3393\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-3677\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-43767\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2022-1552\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2022-2625\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2022-41862\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-2454\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-2455\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-39417\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-39418\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-5868\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-5869\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2023-5870\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-0985\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-10976\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-10977\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-10978\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-10979\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-4317\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2024-7348\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2011-2894\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2013-4152\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2013-6429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2013-7315\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2014-0054\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2014-3625\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2015-0201\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2015-3192\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2016-1000027\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2016-9878\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-11039\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-11040\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1199\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1257\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1258\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1270\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-1275\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-15756\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2018-15801\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2020-5397\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2020-5398\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2020-5421\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2021-22060\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2021-22096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2021-22118\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2022-22950\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2022-22965\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2022-22968\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2022-22970\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2022-22971\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2023-20860\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2023-20861\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2023-20863\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2023-34053\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2024-22233\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2024-22259\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2024-38808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2024-38820\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"commons-httpclient\",\n            \"target\": \"CVE-2012-6153\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"commons-net\",\n            \"target\": \"CVE-2021-37533\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"commons-collections\",\n            \"target\": \"CVE-2015-6420\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2013-4330\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2014-0002\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2014-0003\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2015-0263\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2015-0264\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2015-5344\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2015-5348\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2016-8749\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2017-12633\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2017-12634\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2017-3159\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2017-5643\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2018-8027\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2019-0188\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2019-0194\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2020-11971\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2020-11972\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2020-11973\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2020-11994\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2020-5529\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2023-34442\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2024-22369\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2024-22371\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2024-23114\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2025-27636\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2025-29891\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2025-30177\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"camel-core\",\n            \"target\": \"CVE-2025-66169\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2016-2175\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2018-11797\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2018-8036\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2019-0228\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2021-27807\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2021-27906\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2021-31811\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2021-31812\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-17485\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14718\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2022-23302\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19361\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14719\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10673\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10969\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11113\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14062\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17531\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-20330\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11111\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11112\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16335\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16942\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14060\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14061\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14195\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-25649\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35728\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36179\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35490\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36518\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"hibernate-validator\",\n            \"target\": \"CVE-2023-1932\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"gson\",\n            \"target\": \"CVE-2022-25647\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7\n        },\n        {\n            \"source\": \"commons-net\",\n            \"target\": \"CVE-2021-37533\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"commons-collections\",\n            \"target\": \"CVE-2015-6420\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"commons-lang\",\n            \"target\": \"CVE-2025-48924\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"commons-io\",\n            \"target\": \"CVE-2021-29425\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"commons-io\",\n            \"target\": \"CVE-2024-47554\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2017-5645\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2019-17571\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2020-9488\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2020-9493\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2021-4104\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2021-44228\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2021-44832\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.6\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2021-45046\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36184\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36187\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-8840\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9546\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-46877\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42003\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2022-23307\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2023-26464\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"log4j\",\n            \"target\": \"CVE-2025-68161\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2010-2076\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2011-2487\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2012-0803\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2012-2378\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2012-2379\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2012-3451\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2012-5575\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2012-5633\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2012-5786\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2013-0239\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2013-2160\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2014-0034\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2014-0035\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2014-0109\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2014-0110\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2014-3584\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2014-3623\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2015-5253\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2016-6812\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2016-8739\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2017-12624\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2017-3156\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2017-5653\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2017-5656\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2018-8039\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2019-12406\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2019-12419\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2019-12423\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2019-17573\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2020-13954\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2020-1954\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2021-22696\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2021-30468\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2021-40690\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2022-46363\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2022-46364\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2024-28752\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.3\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2024-29736\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2024-32007\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2024-41172\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2025-23184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2025-48795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6\n        },\n        {\n            \"source\": \"cxf-rt-transports-http\",\n            \"target\": \"CVE-2025-48913\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"geronimo-jta_1.1_spec\",\n            \"target\": \"CVE-2006-0254\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"geronimo-jta_1.1_spec\",\n            \"target\": \"CVE-2007-4548\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"geronimo-jta_1.1_spec\",\n            \"target\": \"CVE-2007-5085\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"geronimo-jta_1.1_spec\",\n            \"target\": \"CVE-2007-5797\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"geronimo-jta_1.1_spec\",\n            \"target\": \"CVE-2008-0732\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"geronimo-jta_1.1_spec\",\n            \"target\": \"CVE-2008-5518\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"geronimo-jta_1.1_spec\",\n            \"target\": \"CVE-2009-0038\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"geronimo-jta_1.1_spec\",\n            \"target\": \"CVE-2009-0039\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"geronimo-jta_1.1_spec\",\n            \"target\": \"CVE-2011-5034\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"geronimo-jta_1.1_spec\",\n            \"target\": \"CVE-2013-1777\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-17485\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14718\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14719\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19361\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10673\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10969\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11113\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14062\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16335\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16942\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17531\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-20330\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11111\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11112\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14060\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14061\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-14195\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36518\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2000-0672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2000-0759\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2000-0760\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2000-1210\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2001-0590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2001-0829\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2001-0917\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2001-1563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35728\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36179\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36180\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36184\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36187\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-8840\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9546\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-20190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42003\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35490\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-0682\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-0935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-0936\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-1148\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-1394\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-1567\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-1895\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-2006\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-2007\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-2008\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-2009\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2002-2272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2003-0042\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2003-0043\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2003-0044\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2003-0045\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2003-0866\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2005-0808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2005-2090\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2005-3164\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2005-3510\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2005-4703\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2005-4836\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2005-4838\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2006-3835\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2006-7195\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2006-7196\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2006-7197\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-0450\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-1355\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-1358\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-1858\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-2449\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-2450\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-3382\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-3383\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-3384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-3385\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-3386\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-4724\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-5333\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-5342\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-5461\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2007-6286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2008-0002\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2008-0128\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2008-1232\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2008-1947\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2008-2370\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2008-2938\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2008-3271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2008-4308\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2008-5515\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2008-5519\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-0580\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-0781\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-0783\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-2693\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-2696\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-2901\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-2902\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-3548\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2010-1157\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2010-2227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2010-3718\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2010-4172\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2010-4312\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-0013\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-0534\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-1088\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-1183\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-1184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-1419\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-1475\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-1582\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-2204\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-2481\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-2526\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-2729\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-3190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-3375\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-3376\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-4858\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-5062\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-5063\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2011-5064\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2012-0022\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2012-2733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2012-3544\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2012-3546\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2012-4431\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2012-4534\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2012-5568\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2012-5885\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2012-5886\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2012-5887\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2013-0346\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2013-2067\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2013-2071\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2013-2185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2013-4286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2013-4322\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2013-4444\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2013-4590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2013-6357\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2014-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2014-0050\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2014-0075\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2014-0095\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2014-0096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2014-0099\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2014-0119\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2014-0227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2014-0230\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2014-7810\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2015-5174\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2015-5345\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2015-5346\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2015-5351\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-0706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-0714\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-0762\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-0763\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-1240\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-3092\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-5018\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-5388\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-5425\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-6325\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-6794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-6796\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-6797\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-6816\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-6817\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-8735\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-8745\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-8747\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-9774\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-9775\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-12615\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-12616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-12617\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-15706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-5647\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-5648\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-5650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-5651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-5664\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-7674\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-7675\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2018-11784\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2018-1304\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2018-1305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2018-1336\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2018-8014\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2018-8034\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2018-8037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-0199\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-0221\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-0232\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-10072\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-12418\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-17563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-17569\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-2684\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-11996\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-13934\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-13935\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-13943\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-17527\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-1935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-1938\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-8022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-9484\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-24122\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-25122\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-25329\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-30639\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-30640\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-33037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-41079\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-42340\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-43980\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2022-23181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2022-25762\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2022-29885\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2022-34305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2022-42252\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2022-45143\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-28708\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-28709\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-34981\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-41080\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-42794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-42795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-45648\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-46589\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-21733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-23672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-24549\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-34750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-38286\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-50379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-52316\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-52317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-52318\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-54677\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-56337\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-24813\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-31650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-31651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-46701\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-48988\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-48989\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-49124\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-49125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-52434\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-52520\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-53506\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-55668\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-55752\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-55754\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-61795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2010-2076\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2011-2487\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-0803\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-2378\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-2379\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-3451\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-5575\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-5633\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-5786\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2013-0239\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2013-2160\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-0034\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-0035\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-0109\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-0110\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-3584\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-3623\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2015-5253\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2016-6812\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2016-8739\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2017-12624\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2017-3156\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2017-5653\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2017-5656\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2018-8039\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2019-12406\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2019-12419\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2019-12423\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2019-17573\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2020-13954\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2020-1954\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2021-22696\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2021-30468\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2021-40690\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2022-46363\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2022-46364\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2024-28752\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.3\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2024-29736\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2024-32007\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2024-41172\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2025-23184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2025-48795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2025-48913\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"commons-io\",\n            \"target\": \"CVE-2021-29425\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"commons-io\",\n            \"target\": \"CVE-2024-47554\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"ant\",\n            \"target\": \"CVE-2020-11979\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"ant\",\n            \"target\": \"CVE-2020-1945\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"ant\",\n            \"target\": \"CVE-2021-36373\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"ant\",\n            \"target\": \"CVE-2021-36374\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"spring-integration-core\",\n            \"target\": \"CVE-2019-3772\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-integration-core\",\n            \"target\": \"CVE-2020-5413\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2011-2894\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2013-4152\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2013-6429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2013-7315\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2014-0054\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2014-3625\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2015-0201\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2015-3192\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2016-1000027\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2016-9878\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-11039\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-11040\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1199\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1257\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1258\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1270\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1275\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-15756\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-15801\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2020-5397\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2020-5398\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2020-5421\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2021-22060\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2021-22096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2021-22118\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2022-22950\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2022-22965\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2022-22968\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2022-22970\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2022-22971\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-2008\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2023-20860\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2023-20861\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2023-20863\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2023-34053\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2024-22233\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2024-22259\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2024-38808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2024-38820\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2015-2156\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2016-4970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2019-20444\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-21290\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2022-24823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2022-41915\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-24970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-58057\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2014-3488\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2019-20445\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-21295\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-21409\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-37137\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2024-47535\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-25193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2020-11612\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2015-2156\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2016-4970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2019-20444\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-21290\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2022-24823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2022-41915\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-24970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-58057\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2017-18640\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-1471\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-25857\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38749\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38750\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38751\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38752\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2014-3488\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2019-20445\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-21295\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-21409\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-37137\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2024-47535\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-25193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-55163\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-67735\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2020-11612\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-41854\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2010-0684\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2010-1244\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2010-1587\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2011-4905\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2012-5784\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2012-6092\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2012-6551\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2013-1879\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2013-1880\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2013-3060\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2014-3576\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2014-3600\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2014-3612\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2014-8110\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2015-1830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2015-5254\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2015-6524\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2015-7559\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2016-0734\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2016-0782\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2016-3088\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2016-6810\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2017-15709\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2018-11775\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2018-8006\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2019-0201\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2019-0222\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2019-10241\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2020-11998\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2020-13920\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2020-13947\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2020-1941\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2020-26217\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21341\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-2009\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21342\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21343\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21344\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21345\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21346\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21347\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21348\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21349\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21350\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-21351\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2021-26117\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2022-41678\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2023-46604\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2024-32114\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2025-27533\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"drools-core\",\n            \"target\": \"CVE-2014-8125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"drools-core\",\n            \"target\": \"CVE-2021-41411\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"drools-core\",\n            \"target\": \"CVE-2022-1415\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"drools-mvel\",\n            \"target\": \"CVE-2014-8125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"drools-mvel\",\n            \"target\": \"CVE-2021-41411\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"drools-mvel\",\n            \"target\": \"CVE-2022-1415\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2012-0213\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2014-3529\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2014-3574\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2014-9527\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2016-5000\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2017-12626\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2017-5644\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2019-12415\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2022-26336\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"poi-ooxml\",\n            \"target\": \"CVE-2025-31672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"xmlbeans\",\n            \"target\": \"CVE-2021-23926\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2012-2098\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2018-11771\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2018-1324\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2019-12402\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2021-35515\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2021-35516\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2021-35517\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2021-36090\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2023-42503\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2024-25710\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"commons-compress\",\n            \"target\": \"CVE-2024-26308\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"jbpm-flow\",\n            \"target\": \"CVE-2013-6465\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"jbpm-flow\",\n            \"target\": \"CVE-2014-8125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jbpm-flow\",\n            \"target\": \"CVE-2017-7545\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"jbpm-flow\",\n            \"target\": \"CVE-2021-20306\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2021-22569\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2022-3171\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2022-3509\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2022-3510\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2024-7254\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2018-10237\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2020-8908\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2023-2976\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"commons-beanutils\",\n            \"target\": \"CVE-2014-0114\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"commons-beanutils\",\n            \"target\": \"CVE-2019-10086\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"commons-beanutils\",\n            \"target\": \"CVE-2025-48734\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackrabbit-core\",\n            \"target\": \"CVE-2009-0026\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jackrabbit-core\",\n            \"target\": \"CVE-2015-1833\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jackrabbit-core\",\n            \"target\": \"CVE-2016-6801\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackrabbit-core\",\n            \"target\": \"CVE-2023-37895\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackrabbit-core\",\n            \"target\": \"CVE-2025-53689\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackrabbit-core\",\n            \"target\": \"CVE-2025-58782\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2015-3271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2016-4434\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2016-6809\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2018-11761\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2018-11762\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2018-11796\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2018-1335\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2018-1338\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2018-1339\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2018-17197\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2018-8017\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2019-10088\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2019-10093\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2019-10094\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2020-1950\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2020-1951\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2020-9489\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2021-28657\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2021-33813\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2022-25169\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2022-30126\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2022-30973\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2022-33879\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2025-54988\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4\n        },\n        {\n            \"source\": \"tika-core\",\n            \"target\": \"CVE-2025-66516\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2005-4849\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2006-7216\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2006-7217\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2009-4269\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2010-2232\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2015-1832\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2018-1313\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2022-46337\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-integration-file\",\n            \"target\": \"CVE-2019-3772\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-integration-file\",\n            \"target\": \"CVE-2020-5413\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"groovy-all\",\n            \"target\": \"CVE-2015-3253\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"groovy-all\",\n            \"target\": \"CVE-2016-6814\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"groovy-all\",\n            \"target\": \"CVE-2020-17521\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2009-5045\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2009-5046\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2015-2080\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2016-4800\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2017-7656\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2017-7657\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2017-7658\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2017-9735\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2018-12536\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2018-12538\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2018-12545\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2019-10241\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2019-10246\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2019-10247\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2019-17632\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2019-17638\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2020-27216\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2020-27218\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2020-27223\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2021-28163\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2021-28164\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2021-28165\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2021-28169\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2021-34428\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2021-34429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2022-2047\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2022-2048\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2022-2191\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2023-26048\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2023-26049\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2023-36478\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2023-36479\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2023-40167\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2023-41900\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2024-13009\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2024-22201\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2024-6762\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2024-6763\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2024-8184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2024-9823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2025-1948\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2017-7860\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2017-7861\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2017-8359\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2017-9431\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2020-7768\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2023-1428\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2023-32731\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2023-32732\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2023-33953\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2023-4785\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2024-11407\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2024-7246\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2021-22569\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2022-3171\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2022-3509\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2022-3510\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2024-7254\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"gson\",\n            \"target\": \"CVE-2022-25647\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2000-0672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2000-0759\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2000-0760\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2000-1210\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2001-0590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2001-0829\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2001-0917\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2001-1563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-0682\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-0935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-0936\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-1148\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-1394\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-1567\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-1895\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-2006\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-2007\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-2008\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-2009\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2002-2272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2003-0042\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2003-0043\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2003-0044\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2003-0045\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2003-0866\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2005-0808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2005-2090\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2005-3164\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2005-3510\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2005-4703\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2005-4836\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2005-4838\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2006-3835\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2006-7195\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2006-7196\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2006-7197\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-0450\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-1355\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-1358\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-1858\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-2449\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-2450\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-3382\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-3383\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-3384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-3385\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-3386\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-4724\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-5333\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-5342\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-5461\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2007-6286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2008-0002\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2008-0128\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2008-1232\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2008-1947\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2008-2370\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2008-2938\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2008-3271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2008-4308\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2008-5515\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2008-5519\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2009-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2009-0580\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2009-0781\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2009-0783\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2009-2693\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2009-2696\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2009-2901\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2009-2902\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2009-3548\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2010-1157\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2010-2227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2010-3718\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2010-4172\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2010-4312\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-0013\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-0534\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-1088\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-1183\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-1184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-1419\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-1475\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-1582\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-2204\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-2481\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-2526\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-2729\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-3190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-3375\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-3376\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-4858\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-5062\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-5063\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2011-5064\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2012-0022\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2012-2733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2012-3544\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2012-3546\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2012-4431\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2012-4534\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2012-5568\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2012-5885\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2012-5886\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2012-5887\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2013-0346\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2013-2067\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2013-2071\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2013-2185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2013-4286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2013-4322\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2013-4444\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2013-4590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2013-6357\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2014-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2014-0050\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2014-0075\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2014-0095\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2014-0096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2014-0099\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2014-0119\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2014-0227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2014-0230\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2014-7810\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2015-5174\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2015-5345\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2015-5346\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2015-5351\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-0706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-0714\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-0762\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-0763\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-1240\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-3092\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-5018\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-5388\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-5425\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-6325\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-6794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-6796\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-6797\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-6816\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-6817\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-8735\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-8745\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-8747\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-9774\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2016-9775\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-12615\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-12616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-12617\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-15706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-5647\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-5648\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-5650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-5651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-5664\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-7674\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2017-7675\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2018-11784\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2018-1304\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2018-1305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2018-1336\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2018-8014\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2018-8034\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2018-8037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2019-0199\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2019-0221\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2019-0232\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2019-10072\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2019-12418\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2019-17563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2019-17569\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2019-2684\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2020-11996\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2020-13934\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2020-13935\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2020-13943\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2020-17527\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2020-1935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2020-1938\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2020-8022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2020-9484\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2021-24122\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2021-25122\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2021-25329\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2021-30639\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2021-30640\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2021-33037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2021-41079\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2021-42340\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2021-43980\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2022-23181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2022-25762\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2022-29885\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2022-34305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2022-42252\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2022-45143\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2023-28708\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2023-28709\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2023-34981\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2023-41080\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2023-42794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2023-42795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2023-45648\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2023-46589\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-21733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-23672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-24549\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-34750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-38286\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-50379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-52316\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-52317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-52318\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-54677\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2024-56337\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-24813\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-31650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-31651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-46701\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-48988\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-48989\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-49124\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-49125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-52434\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-52520\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-53506\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-55668\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-55752\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-55754\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2025-61795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2009-5045\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2009-5046\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2015-2080\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2016-4800\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2017-7656\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2017-7657\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2017-7658\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2017-9735\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2018-12536\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2018-12538\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2018-12545\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2019-10241\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2019-10246\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2019-10247\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2019-17632\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2019-17638\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2020-27216\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2020-27218\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2020-27223\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2021-28163\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2021-28164\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2021-28165\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2021-28169\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2021-34428\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2021-34429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2022-2047\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2022-2048\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2022-2191\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2023-26048\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2023-26049\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2023-36478\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2023-36479\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2000-0759\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2023-40167\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2023-41900\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2024-13009\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2024-22201\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2024-6762\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2024-6763\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2024-8184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2024-9823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2025-1948\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-boot-starter-websocket\",\n            \"target\": \"CVE-2017-8046\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-boot-starter-websocket\",\n            \"target\": \"CVE-2018-1196\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-boot-starter-websocket\",\n            \"target\": \"CVE-2021-26987\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-boot-starter-websocket\",\n            \"target\": \"CVE-2022-27772\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"spring-boot-starter-websocket\",\n            \"target\": \"CVE-2023-20873\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-boot-starter-websocket\",\n            \"target\": \"CVE-2023-20883\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-boot-starter-websocket\",\n            \"target\": \"CVE-2023-22602\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-boot-starter-websocket\",\n            \"target\": \"CVE-2023-34055\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2017-5645\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2019-17571\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2020-9488\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2020-9493\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2021-4104\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2021-44228\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2021-44832\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.6\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2021-45046\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2021-45105\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2022-23302\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2022-23305\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2022-23307\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2023-26464\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"log4j-to-slf4j\",\n            \"target\": \"CVE-2025-68161\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2000-0672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2000-0760\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2000-1210\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2001-0590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2001-0829\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2001-0917\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2001-1563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-0682\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-0935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-0936\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-1148\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-1394\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-1567\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-1895\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-2006\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-2007\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-2008\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-2009\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2002-2272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2003-0042\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2003-0043\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2003-0044\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2003-0045\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2003-0866\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2005-0808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2005-2090\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2005-3164\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2005-3510\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2005-4703\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2005-4836\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2005-4838\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2006-3835\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2006-7195\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2006-7196\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2006-7197\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-0450\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-2006\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-1355\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-1358\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-1858\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-2449\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-2450\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-3382\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-3383\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-3384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-3385\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-3386\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-4724\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-5333\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-5342\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-5461\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2007-6286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2008-0002\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2008-0128\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2008-1232\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2008-1947\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2008-2370\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2008-2938\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2008-3271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2008-4308\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2008-5515\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2008-5519\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2009-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2009-0580\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2009-0781\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2009-0783\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2009-2693\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2009-2696\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2009-2901\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2009-2902\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2009-3548\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2010-1157\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2010-2227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2010-3718\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2010-4172\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2010-4312\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-0013\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-0534\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-1088\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-1183\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-1184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-1419\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-1475\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-1582\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-2204\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-2481\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-2526\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-2729\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-3190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-3375\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-3376\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-4858\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-5062\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-5063\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2011-5064\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2012-0022\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2012-2733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2012-3544\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2012-3546\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2012-4431\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2012-4534\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2012-5568\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2012-5885\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2012-5886\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2012-5887\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2013-0346\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2013-2067\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2013-2071\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2013-2185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2013-4286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2013-4322\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2013-4444\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2013-4590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2013-6357\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2014-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2014-0050\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2014-0075\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2014-0095\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2014-0096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2014-0099\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2014-0119\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2014-0227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2014-0230\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2014-7810\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2015-5174\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2015-5345\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2015-5346\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2015-5351\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-0706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-0714\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-0762\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-0763\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-1240\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-3092\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-5018\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-5388\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-5425\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-6325\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-6794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-6796\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-6797\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-6816\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-6817\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-8735\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-8745\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-8747\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-9774\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2016-9775\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-12615\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-12616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-12617\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-15706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-5647\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-5648\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-5650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-5651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-5664\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-7674\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2017-7675\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2018-11784\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2018-1304\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2018-1305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2018-1336\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2018-8014\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2018-8034\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2018-8037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2019-0199\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2019-0221\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2019-0232\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2019-10072\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2019-12418\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2019-17563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2019-17569\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2019-2684\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2020-11996\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2020-13934\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2020-13935\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2020-13943\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2020-17527\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2020-1935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2020-1938\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2020-8022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2020-9484\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2021-24122\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2021-25122\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2021-25329\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2021-30639\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2021-30640\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2021-33037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2021-41079\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2021-42340\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2021-43980\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2022-23181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2022-25762\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2022-29885\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2022-34305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2022-42252\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2022-45143\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2023-28708\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2023-28709\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2023-34981\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2023-41080\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2023-42794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2023-42795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2023-45648\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2023-46589\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-21733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-23672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-24549\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-34750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-38286\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-50379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-52316\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-52317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-52318\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-54677\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2024-56337\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-24813\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-31650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-31651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-46701\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-48988\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-48989\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-49124\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-49125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-52434\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-52520\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-53506\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-55668\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-55752\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-55754\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2025-61795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2011-2894\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2013-4152\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2013-6429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2013-7315\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2014-0054\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2014-3625\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2015-0201\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2015-3192\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2016-1000027\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2016-9878\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-11039\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-11040\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1199\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1257\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1258\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1270\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-1275\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-15756\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2018-15801\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2020-5397\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2020-5398\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2020-5421\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2021-22060\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2021-22096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2021-22118\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2022-22950\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2022-22965\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2022-22968\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2022-22970\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2022-22971\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2023-20860\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2023-20861\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2023-20863\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2023-34053\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2024-22233\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2024-22259\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2024-38808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-messaging\",\n            \"target\": \"CVE-2024-38820\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2011-2894\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2013-4152\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2013-6429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2013-7315\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2014-0054\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2014-3625\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2015-0201\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2015-3192\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2016-1000027\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2016-9878\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-11039\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-11040\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-1199\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-1257\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-1258\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-1270\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-1271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-1272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-1275\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-15756\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2018-15801\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2020-5397\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2020-5398\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2020-5421\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2021-22060\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2021-22096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2021-22118\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2022-22950\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2022-22965\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2022-22968\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2022-22970\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2022-22971\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2023-20860\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2023-20861\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2023-20863\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2023-34053\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2024-22233\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2024-22259\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2024-38808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"spring-expression\",\n            \"target\": \"CVE-2024-38820\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2009-5045\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2009-5046\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2015-2080\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2016-4800\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2017-7656\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2017-7657\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2017-7658\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2017-9735\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2018-12536\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2018-12538\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2018-12545\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2019-10241\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2019-10246\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2019-10247\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2019-17632\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2019-17638\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2020-27216\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2020-27218\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2020-27223\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2021-28163\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2021-28164\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2021-28165\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2021-28169\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2021-34428\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2021-34429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2022-2047\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2022-2048\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2022-2191\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2023-26048\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2023-26049\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2023-36478\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2023-36479\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2023-40167\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2023-41900\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2024-13009\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2024-22201\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2024-6762\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2024-6763\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2024-8184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2024-9823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2025-1948\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2009-5045\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2009-5046\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2015-2080\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2016-4800\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2017-7656\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2017-7657\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2017-7658\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2017-9735\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2018-12536\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2018-12538\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2018-12545\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2019-10241\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2019-10246\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2019-10247\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2019-17632\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2019-17638\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2020-27216\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2020-27218\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2020-27223\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2021-28163\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2021-28164\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2021-28165\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2021-28169\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2021-34428\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2021-34429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2022-2047\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-2007\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2022-2048\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2022-2191\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2023-26048\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2023-26049\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2023-36478\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2023-36479\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2023-40167\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2023-41900\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2024-13009\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2024-22201\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2024-6762\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2024-6763\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2024-8184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2024-9823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2025-1948\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-5045\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2009-5046\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2015-2080\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2016-4800\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-7656\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-7657\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-7658\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2017-9735\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2018-12536\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2018-12538\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2018-12545\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-10241\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-10246\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-10247\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-17632\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2019-17638\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-27216\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-27218\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2020-27223\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-28163\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-28164\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-28165\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-28169\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-34428\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2021-34429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2022-2047\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2022-2048\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2022-2191\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-26048\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-26049\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-36478\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-36479\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-40167\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-41900\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-13009\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-22201\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-6762\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-6763\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-8184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2024-9823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2025-1948\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"commons-io\",\n            \"target\": \"CVE-2021-29425\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"commons-io\",\n            \"target\": \"CVE-2024-47554\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2017-18640\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-1471\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-25857\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38749\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38750\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38751\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38752\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-41854\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2014-3488\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2015-2156\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2016-4970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2019-20444\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-21290\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2022-24823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2022-41915\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-24970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-58057\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2015-2156\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2016-4970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2019-20444\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2014-3488\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2019-20445\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2019-20445\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-21295\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-21409\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-37137\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2023-34462\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-25193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-55163\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-67735\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2020-11612\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2020-11612\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2021-21290\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2022-24823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2022-41915\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2025-24970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2025-58057\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-dataformat-xml\",\n            \"target\": \"CVE-2016-3720\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-dataformat-xml\",\n            \"target\": \"CVE-2016-7051\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2000-0672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2000-0759\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2000-0760\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2000-1210\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2001-0590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2001-0829\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2001-0917\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2001-1563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-0682\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-0935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-0936\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-1148\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-1394\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-1567\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-1895\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2021-21409\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2021-37137\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2025-25193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2025-55163\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2025-58056\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2025-67735\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2002-2272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2003-0042\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2003-0043\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2003-0044\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2003-0045\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2003-0866\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2005-0808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2005-2090\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2005-3164\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2005-3510\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2005-4703\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2005-4836\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2005-4838\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2006-3835\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2006-7195\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2006-7196\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2006-7197\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-0450\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-1355\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-1358\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-1858\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-2449\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-2450\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-3382\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-3383\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-3384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-3385\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-3386\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-4724\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-5333\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-5342\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-5461\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2007-6286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2008-0002\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2008-0128\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2008-1232\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2008-1947\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2008-2370\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2008-2938\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2008-3271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2008-4308\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2008-5515\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2008-5519\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2009-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2009-0580\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2009-0781\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2009-0783\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2009-2693\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2009-2696\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2009-2901\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2009-2902\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2009-3548\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2010-1157\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2010-2227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2010-3718\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2010-4172\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2010-4312\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-0013\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-0534\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-1088\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-1183\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-1184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-1419\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-1475\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-1582\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-2204\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-2481\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-2526\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-2729\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-3190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-3375\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-3376\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-4858\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-5062\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-5063\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2011-5064\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2012-0022\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2012-2733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2012-3544\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2012-3546\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2012-4431\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2012-4534\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2012-5568\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2012-5885\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2012-5886\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2012-5887\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2013-0346\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2013-2067\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2013-2071\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2013-2185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2013-4286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2013-4322\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2013-4444\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2013-4590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2013-6357\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2014-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2014-0050\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2014-0075\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2014-0095\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2014-0096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2014-0099\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2014-0119\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2014-0227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2014-0230\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2014-7810\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2015-5174\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2015-5345\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2015-5346\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2015-5351\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-0706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-0714\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-0762\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-0763\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-1240\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-3092\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-5018\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-5388\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-5425\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-6325\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-6794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-6796\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-6797\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-6816\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-6817\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-8735\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-8745\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-8747\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-9774\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2016-9775\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-12615\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-12616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-12617\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-15706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-5647\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-5648\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-5650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-5651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-5664\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-7674\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2017-7675\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2018-11784\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2018-1304\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2018-1305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2018-1336\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2018-8014\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2018-8034\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2018-8037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2019-0199\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2019-0221\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2019-0232\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2019-10072\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2019-12418\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2019-17563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2019-17569\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2019-2684\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2020-11996\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2020-13934\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2020-13935\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2020-13943\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2020-17527\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2020-1935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2020-1938\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2020-8022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2020-9484\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2021-24122\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2021-25122\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2021-25329\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2021-30639\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2021-30640\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2021-33037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2021-41079\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2021-42340\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2021-43980\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2022-23181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2022-25762\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2022-29885\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2022-34305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2022-42252\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2022-45143\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2023-28708\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2023-28709\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2023-34981\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2023-41080\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2023-42794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2023-42795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2023-45648\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2023-46589\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-21733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-23672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-24549\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-34750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-38286\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-50379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-52316\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-52317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-52318\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-54677\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2024-56337\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-24813\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-31650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-31651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-46701\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-48988\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-48989\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-49124\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-49125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-52434\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-52520\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-53506\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-55668\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-55752\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-55754\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2025-61795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2011-2894\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2016-9879\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2017-4995\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2018-1199\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2019-11272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2019-3795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2020-5408\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2021-22112\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2021-22119\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2022-22976\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2022-22978\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2022-31690\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2022-31692\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2023-20862\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2023-34034\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2023-34035\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2023-34042\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.1\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2024-22234\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"spring-security-config\",\n            \"target\": \"CVE-2024-38810\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2017-18640\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-1471\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-25857\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38749\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38750\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38751\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38752\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-41854\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2010-2076\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2011-2487\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-0803\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-2378\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-2379\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-3451\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-5575\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-5633\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2012-5786\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2013-0239\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2013-2160\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-0034\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-0035\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-0109\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-0110\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-3584\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2014-3623\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2015-5253\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2016-6812\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2016-8739\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2017-12624\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2017-3156\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2017-5653\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2017-5656\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2018-8039\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2019-12406\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2019-12419\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2019-12423\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2019-17573\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2020-13954\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2020-1954\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2021-22696\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2021-30468\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2021-40690\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2022-46363\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2022-46364\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2024-28752\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.3\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2024-29736\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2024-32007\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2024-41172\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2025-23184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2025-48795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6\n        },\n        {\n            \"source\": \"cxf-rt-frontend-jaxrs\",\n            \"target\": \"CVE-2025-48913\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"httpasyncclient\",\n            \"target\": \"CVE-2014-3577\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2018-10237\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2020-8908\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3\n        },\n        {\n            \"source\": \"guava\",\n            \"target\": \"CVE-2023-2976\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2009-5005\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2009-5006\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2010-3083\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2011-3620\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2012-2145\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2012-3467\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2012-4446\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2012-4458\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2012-4459\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2012-4460\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2013-1909\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2014-3629\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2015-0203\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2015-0223\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2015-0224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"target\": \"CVE-2019-0223\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2005-4849\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2006-7216\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2006-7217\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2009-4269\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2010-2232\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2015-1832\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2018-1313\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"derby\",\n            \"target\": \"CVE-2022-46337\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2009-5045\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2009-5046\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2015-2080\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2016-4800\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2017-7656\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2017-7657\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2017-7658\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2017-9735\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2018-12536\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2018-12538\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2018-12545\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2019-10241\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2019-10246\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2019-10247\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2019-17632\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2019-17638\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2020-27216\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2020-27218\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2020-27223\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2021-28163\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2021-28164\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2021-28165\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2021-28169\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2021-34428\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2021-34429\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2022-2047\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2022-2048\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2022-2191\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2023-26048\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2023-26049\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2023-36478\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2023-36479\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2023-40167\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2023-41900\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2024-13009\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2024-22201\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2024-6762\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2024-6763\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2024-8184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2024-9823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2025-1948\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2015-2156\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2016-4970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2019-20444\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-21290\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2022-24823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2022-41915\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-24970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2014-3488\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2019-20445\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-21295\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-21409\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-37137\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-server\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2024-47535\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-25193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2020-11612\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-58057\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"wss4j-ws-security-dom\",\n            \"target\": \"CVE-2011-2487\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"wss4j-ws-security-dom\",\n            \"target\": \"CVE-2014-3623\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"wss4j-ws-security-dom\",\n            \"target\": \"CVE-2015-0226\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"wss4j-ws-security-dom\",\n            \"target\": \"CVE-2015-0227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"wss4j-ws-security-dom\",\n            \"target\": \"CVE-2020-13936\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2017-18640\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-1471\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-25857\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38749\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38750\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38751\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-38752\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"snakeyaml\",\n            \"target\": \"CVE-2022-41854\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8\n        },\n        {\n            \"source\": \"spring-boot-starter-log4j\",\n            \"target\": \"CVE-2017-8046\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-boot-starter-log4j\",\n            \"target\": \"CVE-2018-1196\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-boot-starter-log4j\",\n            \"target\": \"CVE-2021-26987\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-boot-starter-log4j\",\n            \"target\": \"CVE-2022-27772\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"spring-boot-starter-log4j\",\n            \"target\": \"CVE-2023-20873\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"spring-boot-starter-log4j\",\n            \"target\": \"CVE-2023-20883\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-boot-starter-log4j\",\n            \"target\": \"CVE-2023-22602\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-boot-starter-log4j\",\n            \"target\": \"CVE-2023-34055\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2000-0672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2000-0759\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2000-0760\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2000-1210\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2001-0590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2001-0829\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2001-0917\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2001-1563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-0682\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-0935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-67735\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-0936\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-1148\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-1394\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-1567\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-1895\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-2006\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-2007\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-2008\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-2009\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-2272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2003-0042\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2003-0043\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2003-0044\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2003-0045\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2003-0866\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-0808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-2090\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-3164\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-3510\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-4703\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-4836\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-4838\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2006-3835\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2006-7195\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2006-7196\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2006-7197\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-0450\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-1355\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-1358\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-1858\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-2449\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-2450\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-3382\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-3383\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-3384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-3385\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-3386\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-4724\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-5333\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-5342\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-5461\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-6286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-0002\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-0128\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-1232\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-1947\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-2370\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-2938\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-3271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-4308\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-5515\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-5519\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-0580\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-0781\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-0783\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-2693\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-2696\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-2901\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-2902\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-3548\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2010-1157\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2010-2227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2010-3718\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2010-4172\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2010-4312\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-0013\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-0534\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1088\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1183\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1419\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1475\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1582\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-2204\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-2481\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-2526\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-2729\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-3190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-3375\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-3376\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-4858\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-5062\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-5063\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-5064\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-0022\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-2733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-3544\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-3546\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-4431\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-4534\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-5568\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-5885\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-5886\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-5887\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-0346\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-2067\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-2071\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-2185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-4286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-4322\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-4444\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-4590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-6357\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0050\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0075\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0095\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0099\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0119\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0230\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-7810\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2015-5174\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2015-5345\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2015-5346\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2015-5351\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-0706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-0714\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-0762\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-0763\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-1240\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-3092\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-5018\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-5388\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-5425\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6325\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6796\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6797\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6816\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6817\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-8735\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-8745\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-8747\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-9774\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-9775\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-12615\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-12616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-12617\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-15706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-5647\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-5648\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-5650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-5651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-5664\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-7674\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-7675\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-11784\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-1304\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-1305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-1336\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-8014\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-8034\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-8037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-0199\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-0221\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-0232\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-10072\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-12418\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-17563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-17569\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-2684\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-11996\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-13934\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-13935\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-13943\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-17527\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-1935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-1938\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-8022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-9484\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-24122\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-25122\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-25329\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-30639\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-30640\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-33037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-41079\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-42340\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-43980\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-23181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-25762\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-29885\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-34305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-42252\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-45143\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-28708\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-28709\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-34981\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-41080\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-42794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-42795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-45648\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-46589\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-21733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-23672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-24549\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-34750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-38286\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-50379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-52316\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-52317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-52318\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-54677\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-56337\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-24813\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-31650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-31651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-46701\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-48988\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-48989\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-49124\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-49125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-52434\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-52520\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-53506\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-55668\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-55752\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-55754\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-61795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2000-0672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2000-0759\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2000-0760\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2000-1210\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2001-0590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2001-0829\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2001-0917\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2001-1563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-0682\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-0935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-0936\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-1148\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-1394\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-1567\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-1895\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-2006\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-2007\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-2008\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-2009\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2002-2272\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2003-0042\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2003-0043\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2003-0044\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2003-0045\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2003-0866\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-0808\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-2090\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-3164\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-3510\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-4703\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-4836\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2005-4838\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2006-3835\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2006-7195\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2006-7196\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2006-7197\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-0450\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-1355\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-1358\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-1858\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-2449\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-2450\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-3382\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-3383\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-3384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-3385\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-3386\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-4724\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-5333\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-5342\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-5461\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2007-6286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-0002\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-0128\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-1232\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-1947\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-2370\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-2938\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-3271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-4308\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-5515\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2008-5519\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-0580\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-0781\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-0783\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-2693\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-2696\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-2901\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-2902\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2009-3548\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2010-1157\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2010-2227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2010-3718\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2010-4172\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2010-4312\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-0013\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-0534\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1088\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1183\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1184\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1419\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1475\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-1582\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-2204\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-2481\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-2526\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-2729\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-3190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-3375\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-3376\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-4858\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-5062\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-5063\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2011-5064\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-0022\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-2733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-3544\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-3546\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-4431\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-4534\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-5568\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-5885\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-5886\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2012-5887\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-0346\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-2067\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-2071\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-2185\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-4286\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-4322\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-4444\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-4590\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2013-6357\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0033\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0050\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0075\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0095\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0096\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0099\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0119\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0227\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-0230\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2014-7810\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2015-5174\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2015-5345\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2015-5346\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2015-5351\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-0706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-0714\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-0762\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-0763\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-1240\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-3092\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-5018\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-5388\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-5425\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6325\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6796\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6797\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6816\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-6817\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-8735\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-8745\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-8747\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-9774\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2016-9775\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-12615\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-12616\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-12617\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-15706\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-5647\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-5648\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-5650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-5651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-5664\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-7674\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2017-7675\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-11784\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-1304\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-1305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-1336\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-8014\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-8034\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2018-8037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-0199\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-0221\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-0232\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-10072\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-12418\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-17563\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-17569\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2019-2684\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-11996\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-13934\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-13935\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-13943\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-17527\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-1935\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-1938\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-8022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2020-9484\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-24122\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-25122\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-25329\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-30639\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-30640\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-33037\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-41079\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-42340\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2021-43980\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-23181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-25762\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-29885\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-34305\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-42252\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2022-45143\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-28708\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-28709\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-34981\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-41080\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-42794\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-42795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-45648\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-46589\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-21733\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-23672\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-24549\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-34750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-38286\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-50379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-52316\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-52317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-52318\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-54677\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2024-56337\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-24813\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-31650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-31651\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-46701\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-48988\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-48989\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-49124\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-49125\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-52434\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-52520\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-53506\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-55668\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-55752\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-55754\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2025-61795\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2018-1052\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2007-0556\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2012-5784\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-32027\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2016-5424\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2020-5398\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2020-5398\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2016-6810\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2021-23222\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2004-0977\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-24750\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2016-4970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2016-4970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"pdfbox\",\n            \"target\": \"CVE-2016-2175\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2016-1000027\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2022-24823\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"activemq-client\",\n            \"target\": \"CVE-2024-32114\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2025-24970\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-dataformat-xml\",\n            \"target\": \"CVE-2016-3720\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"protobuf-java\",\n            \"target\": \"CVE-2021-22570\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"spring-tx\",\n            \"target\": \"CVE-2018-1271\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"spring-context\",\n            \"target\": \"CVE-2020-5397\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-17485\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-17485\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-17485\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-17485\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"postgresql\",\n            \"target\": \"CVE-2012-0866\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-7525\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-11307\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-11307\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-11307\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-11307\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-11307\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-11307\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12023\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12023\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14720\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14720\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19360\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19360\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19362\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-5968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-7489\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-7489\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-7489\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12086\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12086\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12086\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12086\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12086\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12814\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14379\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14439\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14439\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14439\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14540\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14892\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14893\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14893\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14893\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16943\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16943\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16943\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16943\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17531\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10672\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10672\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10672\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10672\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-7525\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-7525\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-7525\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-7525\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12022\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12023\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12023\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12023\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-12023\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14720\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14720\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14720\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14720\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14721\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14721\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14721\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14721\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-14721\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19360\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19360\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19360\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19360\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19361\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19362\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19362\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19362\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19362\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-19362\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-5968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-5968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-5968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-5968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-5968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-7489\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-7489\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2018-7489\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12086\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12384\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12814\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12814\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12814\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10672\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12814\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-12814\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14439\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14439\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14439\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14540\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17267\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14540\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14540\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14892\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14892\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10968\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14892\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14892\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14892\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14893\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14893\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-14893\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16943\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-16943\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17267\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17267\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-17267\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-20330\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11111\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-20330\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-20330\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2019-20330\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10650\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-10672\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11619\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11619\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11619\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11619\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11619\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11619\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11620\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11620\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11620\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11620\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-11620\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-25649\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36182\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35491\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35491\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35491\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35491\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35491\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-35491\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36180\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36181\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36182\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36182\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36182\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36182\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36182\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36183\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42004\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36183\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36183\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36183\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36183\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36186\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36186\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36186\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36186\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36186\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42004\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36186\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36188\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36188\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36188\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2021-21295\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36188\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36188\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36188\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36189\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36189\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36189\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-36189\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9547\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9547\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9547\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9547\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9547\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9547\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9548\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9548\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9548\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9548\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2020-9548\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-20190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-20190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-20190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-20190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-20190\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-46877\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-46877\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-46877\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-46877\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2021-46877\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2022-42004\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2023-35116\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2023-35116\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2023-35116\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2023-35116\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2023-35116\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2023-35116\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"vertx-core\",\n            \"target\": \"CVE-2018-12537\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"vertx-core\",\n            \"target\": \"CVE-2018-12540\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"vertx-core\",\n            \"target\": \"CVE-2018-12542\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"vertx-core\",\n            \"target\": \"CVE-2019-17640\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"vertx-core\",\n            \"target\": \"CVE-2024-8391\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"vertx-core\",\n            \"target\": \"CVE-2025-11965\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2014-0193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2014-0193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2014-0193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2014-0193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2014-0193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2014-0193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2014-0193\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2019-16869\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2019-16869\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2019-16869\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2019-16869\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2019-16869\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2019-16869\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2019-16869\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2020-7238\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2020-7238\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2020-7238\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2020-7238\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2020-7238\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2020-7238\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2020-7238\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-37136\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2021-37136\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-37136\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-37136\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-37136\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2021-37136\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-37136\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2021-43797\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-43797\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-43797\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2021-43797\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2021-43797\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2021-43797\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2022-41881\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2022-41881\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2022-41881\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2022-41881\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2022-41881\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2022-41881\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2022-41881\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2023-34462\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2023-34462\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2023-34462\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2023-34462\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2023-34462\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"servlet-api\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-util\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"grpc-api\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"annotations-api\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"websocket-client\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-embed-core\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-websocket\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jetty-io\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"jstl\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"tomcat-dbcp\",\n            \"target\": \"CVE-2023-44487\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2024-29025\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2024-29025\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2024-29025\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2024-29025\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2024-29025\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2024-29025\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2024-29025\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2024-47535\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-codec-http2\",\n            \"target\": \"CVE-2024-47535\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2024-47535\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-resolver-dns\",\n            \"target\": \"CVE-2024-47535\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-55163\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-55163\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-58056\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-58056\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-58056\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-common\",\n            \"target\": \"CVE-2025-58056\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-58056\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"netty-buffer\",\n            \"target\": \"CVE-2025-67735\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-15095\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-15095\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-15095\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-15095\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-15095\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"jackson-databind\",\n            \"target\": \"CVE-2017-15095\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        }\n    ]\n}"}],"_postman_id":"d58b9496-8301-4a3d-bf08-77d21232dd4c"}],"id":"89d1aad6-2b8a-4a7f-a9d8-98ad3146a636","_postman_id":"89d1aad6-2b8a-4a7f-a9d8-98ad3146a636","description":""},{"name":"Cves List","item":[{"name":"Cves List Global","id":"fa50f0c3-bcd6-4986-b277-5732f9761fcf","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/list/global","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","list","global"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"cb0515a6-ecea-45e0-91ce-1fc0dad79c42","name":"Cves List Global","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/vulnerabilities/list/global","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","vulnerabilities","list","global"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"1721439"},{"key":"ETag","value":"W/\"1a445f-2l1g04KrkX5cmvxpiAh34g5QyPk\""},{"key":"Date","value":"Thu, 29 Jan 2026 14:13:20 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"id\": \"10326\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10327\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10328\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10329\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10330\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10331\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10332\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10333\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10334\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10335\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10336\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10337\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10338\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10339\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10340\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10341\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10342\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10343\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10344\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10345\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10346\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10347\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10348\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10349\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10350\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10351\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10352\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10353\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10354\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10355\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10356\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10357\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10358\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10359\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10360\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10361\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10362\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10363\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10364\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10365\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10366\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10367\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10368\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10369\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10370\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10371\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10372\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10373\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10374\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10375\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10376\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10377\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10378\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10379\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10380\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10381\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10382\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10383\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10384\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10385\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10386\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10387\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10388\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10389\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10390\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10391\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10392\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10393\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10394\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10395\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10396\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12537\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:vert.x:4.5.14:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.vertx/vertx-core@4.5.14?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10397\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12540\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:vert.x:4.5.14:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.vertx/vertx-core@4.5.14?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10398\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12541\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:vert.x:4.5.14:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.vertx/vertx-core@4.5.14?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10399\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12542\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:vert.x:4.5.14:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.vertx/vertx-core@4.5.14?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10400\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12544\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:vert.x:4.5.14:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.vertx/vertx-core@4.5.14?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10401\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-17640\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:vert.x:4.5.14:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.vertx/vertx-core@4.5.14?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10402\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-8391\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:vert.x:4.5.14:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.vertx/vertx-core@4.5.14?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10403\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-11965\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:vert.x:4.5.14:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.vertx/vertx-core@4.5.14?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10404\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-11966\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:vert.x:4.5.14:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.vertx/vertx-core@4.5.14?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10405\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10406\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10407\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10408\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10409\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10410\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10411\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10412\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10413\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10414\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10415\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10416\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10417\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10418\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10419\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10420\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10421\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10422\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10423\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10424\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10425\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10426\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10427\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10428\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10429\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10430\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10431\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10432\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10461\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10462\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10463\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10464\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10465\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10466\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10467\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10468\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10469\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10470\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10471\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10472\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10473\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10474\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10475\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10476\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10477\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10478\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10479\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10480\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10481\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10482\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10483\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10484\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10485\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10486\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10487\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10488\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.118.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-codec-http2@4.1.118.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10517\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-10750\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"component_cpe\": \"cpe:2.3:a:hazelcast:hazelcast:5.3.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.hazelcast/hazelcast@5.3.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10518\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-26168\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"component_cpe\": \"cpe:2.3:a:hazelcast:hazelcast:5.3.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.hazelcast/hazelcast@5.3.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10519\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-0265\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"component_cpe\": \"cpe:2.3:a:hazelcast:hazelcast:5.3.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.hazelcast/hazelcast@5.3.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10520\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-36437\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"component_cpe\": \"cpe:2.3:a:hazelcast:hazelcast:5.3.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.hazelcast/hazelcast@5.3.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10521\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-33264\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"component_cpe\": \"cpe:2.3:a:hazelcast:hazelcast:5.3.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.hazelcast/hazelcast@5.3.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10522\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-33265\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"component_cpe\": \"cpe:2.3:a:hazelcast:hazelcast:5.3.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.hazelcast/hazelcast@5.3.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10523\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-45859\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"component_cpe\": \"cpe:2.3:a:hazelcast:hazelcast:5.3.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.hazelcast/hazelcast@5.3.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10524\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-45860\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"component_cpe\": \"cpe:2.3:a:hazelcast:hazelcast:5.3.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.hazelcast/hazelcast@5.3.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10588\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10589\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10590\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10591\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10592\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10593\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10594\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10595\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10596\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10597\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10598\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10599\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10600\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10601\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10602\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10603\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10604\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10605\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10606\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10607\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10608\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10609\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10610\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10611\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10612\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10613\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10614\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10615\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10616\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10617\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10618\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10619\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10620\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10621\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10622\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10623\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10624\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10625\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10626\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10627\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10788\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-1999-0862\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10789\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2000-1199\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10790\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2002-0972\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10791\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2002-1397\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10792\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2002-1398\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10793\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2002-1399\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10794\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2002-1400\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10795\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2002-1401\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10796\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2002-1402\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10797\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2002-1642\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10798\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2002-1657\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10799\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2003-0901\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10800\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2004-0547\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10801\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2004-0977\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10802\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2005-0227\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10803\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2005-0244\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10804\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2005-0245\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10805\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2005-0246\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10806\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2005-0247\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10807\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2005-1409\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10808\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2005-1410\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10809\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2006-0105\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10810\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2006-0553\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10811\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2006-0678\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10812\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2006-2313\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10813\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2006-2314\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10814\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2006-5540\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10815\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2006-5541\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10816\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2006-5542\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10817\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-0555\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10818\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-0556\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10819\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-2138\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10820\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-3278\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10821\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-3279\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10822\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-3280\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10823\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-4769\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10824\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-4772\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10825\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-6067\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10826\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-6600\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10827\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2007-6601\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10828\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2009-0922\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10829\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2009-3229\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10830\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2009-3230\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10831\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2009-3231\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10832\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2009-4034\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10833\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2009-4136\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10834\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-0442\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10835\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-0733\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10836\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-1169\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10837\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-1170\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10838\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-1447\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10839\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-1975\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10840\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-3433\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10841\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-4015\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10842\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2011-2483\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10843\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-0866\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10844\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-0867\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10845\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-0868\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10846\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-1618\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10847\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-2143\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10848\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-2655\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10849\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-3488\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10850\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-3489\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10851\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-0255\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10852\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-1899\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10853\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-1900\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10854\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-1901\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10855\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-1902\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10856\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-1903\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10857\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0060\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10858\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0061\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10859\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0062\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10860\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0063\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10861\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0064\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10862\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0065\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10863\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0066\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10864\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0067\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10865\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-2669\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10866\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-8161\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10867\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-0241\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10868\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-0242\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10869\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-0243\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10870\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-0244\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10871\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-3165\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10872\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-3166\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10873\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-3167\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10874\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-5288\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10875\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-5289\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10876\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-0766\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10877\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-0768\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10878\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-0773\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10879\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-2193\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10880\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-3065\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10881\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-5423\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10882\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-5424\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10883\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-7048\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10884\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-12172\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10885\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-14798\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10886\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-15098\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10887\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-15099\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10888\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7484\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10889\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7485\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10890\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7486\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10891\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7546\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10892\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7547\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10893\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7548\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10894\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-8806\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10895\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1052\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10896\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1053\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10897\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1058\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10898\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-10915\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10899\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-10925\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10900\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1115\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10901\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-16850\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10902\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-10127\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10903\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-10128\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10904\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-10129\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10905\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-10130\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10906\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-10164\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10907\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-10208\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10908\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-10209\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10909\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-10210\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10910\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-10211\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10911\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-9193\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10912\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10733\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10913\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14349\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10914\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14350\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10915\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-1720\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10916\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-25694\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10917\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-25695\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10918\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-25696\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10919\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-20229\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10920\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-23214\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10921\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-23222\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10922\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-32027\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10923\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-32028\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10924\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-32029\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10925\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-3393\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10926\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-3677\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10927\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-43767\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10928\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-1552\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10929\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-2625\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10930\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-41862\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10931\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-2454\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10932\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-2455\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10933\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-39417\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10934\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-39418\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10935\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-5868\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10936\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-5869\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10937\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-5870\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10938\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-0985\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10939\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-10976\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10940\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-10977\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10941\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-10978\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10942\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-10979\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10943\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-4317\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10944\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-7348\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10945\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-5645\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10946\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-17571\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10947\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9488\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10948\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9493\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10949\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-4104\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10950\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-44228\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10951\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-44832\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10952\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-45046\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10953\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-45105\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10954\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-23302\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10955\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-23305\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10956\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-23307\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10957\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-26464\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10958\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-68161\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10987\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-10237\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:22.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@22.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10988\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-8908\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:22.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@22.0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10989\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-2976\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:22.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@22.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10990\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10991\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10992\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10993\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10994\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10995\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10996\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10997\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10998\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"10999\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11000\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11001\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11002\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11003\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11004\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11005\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11006\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11007\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11008\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11009\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11010\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11011\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11012\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11013\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11014\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11015\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11016\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11017\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11018\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11019\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11020\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11021\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11022\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11023\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11024\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11025\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11026\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11027\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11028\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11029\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11030\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11031\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11032\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11033\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11034\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11035\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11036\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11037\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11038\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11039\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11040\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11041\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11042\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11043\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11044\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11045\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11046\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11047\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11048\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11049\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11050\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11051\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11052\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11053\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11054\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11055\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11056\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11057\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11058\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11059\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11060\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-18640\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.18:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.18?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11061\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-1471\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.18:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.18?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11062\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-25857\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.18:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.18?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11063\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-38749\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.18:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.18?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11064\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-38750\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.18:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.18?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11065\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-38751\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.18:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.18?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11066\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-38752\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.18:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.18?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11067\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-41854\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.18:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.18?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11077\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-0684\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11078\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-1244\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11079\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2010-1587\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11080\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2011-4905\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11081\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-5784\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11082\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-6092\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11083\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-6551\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11084\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-1879\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11085\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-1880\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11086\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-3060\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11087\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-3576\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11088\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-3600\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11089\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-3612\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11090\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-8110\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11091\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-1830\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11092\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-5254\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11093\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-6524\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11094\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-7559\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11095\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-0734\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11096\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-0782\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11097\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-3088\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11098\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-6810\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11099\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-15709\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11100\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11775\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11101\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-8006\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11102\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-0201\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11103\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-0222\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11104\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11105\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11998\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11106\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-13920\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11107\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-13947\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11108\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-1941\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11109\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-26217\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11110\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21341\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11111\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21342\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11112\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21343\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11113\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21344\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11114\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21345\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11115\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21346\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11116\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21347\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11117\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21348\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11118\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21349\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11119\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21350\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11120\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-21351\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11121\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-26117\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11122\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-41678\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11123\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-46604\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11124\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-32114\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11125\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-27533\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.16.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11246\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"12280\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23305\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11247\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11248\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11249\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11250\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11251\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11252\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11253\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11254\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11255\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11256\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11257\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11258\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11259\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11260\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11261\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11262\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11263\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11264\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11265\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11266\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11267\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11268\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11269\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11270\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11271\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11272\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11273\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11274\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11275\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11276\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11277\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11278\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11279\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11280\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11281\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11282\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11283\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11284\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11285\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11286\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11287\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11288\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11289\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11290\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11291\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11292\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11293\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11294\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11295\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11296\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11297\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11298\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11299\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11300\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11301\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11302\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11303\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11304\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11305\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11306\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11307\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11308\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11309\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11310\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11311\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11312\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11313\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11314\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11315\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11316\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-3720\",\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.18.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11317\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-7051\",\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"component_version\": \"2.18.3\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.18.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.18.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11318\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-2175\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11319\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11797\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11320\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-8036\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11321\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-0228\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11322\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-27807\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11323\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-27906\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11324\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-31811\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11325\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-31812\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11334\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-8125\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:drools:7.71.0.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.drools/drools-core@7.71.0.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11335\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-41411\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:drools:7.71.0.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.drools/drools-core@7.71.0.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11336\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-1415\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:drools:7.71.0.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.drools/drools-core@7.71.0.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11358\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-0213\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11359\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-3529\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11360\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-3574\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11361\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-9527\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11362\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-5000\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11363\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-12626\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11364\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-5644\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11365\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12415\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11366\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-26336\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11367\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-31672\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11378\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-23926\",\n            \"component_name\": \"xmlbeans\",\n            \"component_version\": \"3.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:xmlbeans:3.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.xmlbeans/xmlbeans@3.1.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11379\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2012-2098\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11380\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11771\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11381\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1324\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11382\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12402\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11383\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-35515\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11384\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-35516\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11385\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-35517\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11386\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-36090\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11387\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-42503\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11388\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-25710\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11389\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-26308\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11400\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-6465\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:jbpm:7.71.0.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.jbpm/jbpm-flow@7.71.0.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11401\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-8125\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:jbpm:7.71.0.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.jbpm/jbpm-flow@7.71.0.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11402\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7545\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:jbpm:7.71.0.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.jbpm/jbpm-flow@7.71.0.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11403\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-20306\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:jbpm:7.71.0.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.jbpm/jbpm-flow@7.71.0.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11425\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-5237\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf:3.19.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11426\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-22570\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf:3.19.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11427\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-2410\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf:3.19.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11428\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-7254\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf:3.19.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11429\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11430\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11431\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11432\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11433\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11434\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11435\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11436\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11437\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11438\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11439\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11440\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11441\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11442\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11443\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11444\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11445\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11446\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11447\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11448\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11513\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11449\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11450\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11451\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11452\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11453\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11454\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11455\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11456\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11457\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11458\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11459\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11460\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11461\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11462\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11463\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11464\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11465\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11466\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11467\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11468\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11469\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11470\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11471\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11472\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11473\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11474\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11475\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11476\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11477\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11478\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11479\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11480\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11481\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11482\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11483\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11484\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11485\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11486\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11487\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11488\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11489\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11490\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11491\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11492\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11493\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11494\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11495\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11496\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11497\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11498\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.6.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11499\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11500\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11501\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11502\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11503\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11504\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11505\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11506\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11507\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11508\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11509\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11510\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11511\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11512\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11514\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11515\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11516\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11517\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11518\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11519\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11520\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11521\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11522\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11523\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11524\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11525\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11526\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11527\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11528\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11529\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11530\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11531\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11532\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11533\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11534\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11535\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11536\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11537\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11538\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-tx@5.3.19?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11659\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-10237\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.1-jre\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:31.1-jre:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@31.1-jre?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11660\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-8908\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.1-jre\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:31.1-jre:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@31.1-jre?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11661\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-2976\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.1-jre\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:31.1-jre:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@31.1-jre?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11662\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2018-10237\",\n            \"component_name\": \"failureaccess\",\n            \"component_version\": \"1.0.1\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:1.0.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/failureaccess@1.0.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11663\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2020-8908\",\n            \"component_name\": \"failureaccess\",\n            \"component_version\": \"1.0.1\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:1.0.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/failureaccess@1.0.1?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11664\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2023-2976\",\n            \"component_name\": \"failureaccess\",\n            \"component_version\": \"1.0.1\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:1.0.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/failureaccess@1.0.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11665\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2021-29425\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-io/commons-io@2.11.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11666\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2024-47554\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-io/commons-io@2.11.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11667\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2015-6420\",\n            \"component_name\": \"commons-collections\",\n            \"component_version\": \"3.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_collections:3.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-collections/commons-collections@3.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11668\",\n            \"scan_report_id\": \"7\",\n            \"cve_id\": \"CVE-2025-48924\",\n            \"component_name\": \"commons-lang\",\n            \"component_version\": \"2.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_lang:2.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-lang/commons-lang@2.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"id\": \"11669\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-1999-0862\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11670\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-1199\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11671\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0972\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11672\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1397\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11673\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1398\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11674\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1399\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11675\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1400\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11676\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1401\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11677\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1402\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11678\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1642\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11679\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1657\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11680\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0901\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11681\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2004-0547\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11682\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2004-0977\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11683\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0227\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11684\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0244\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11685\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0245\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11686\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0246\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11687\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0247\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11688\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-1409\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11689\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-1410\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11690\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-0105\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11691\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-0553\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11692\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-0678\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11693\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-2313\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11694\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-2314\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11695\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-5540\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11696\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-5541\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11697\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-5542\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11698\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-0555\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11699\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-0556\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11700\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2138\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11701\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3278\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11702\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3279\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11703\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3280\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11704\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-4769\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11705\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-4772\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11706\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-6067\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11707\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-6600\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11708\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-6601\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11709\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0922\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11710\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-3229\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11711\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-3230\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11712\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-3231\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11713\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-4034\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11714\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-4136\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11715\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-0442\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11716\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-0733\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11717\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1169\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11718\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1170\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11719\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1447\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11720\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1975\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11721\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-3433\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11722\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4015\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11723\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2483\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11724\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0866\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11725\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0867\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11726\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0868\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11727\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-1618\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11728\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2143\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11729\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2655\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11730\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3488\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11731\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3489\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11732\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-0255\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11733\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-1899\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11734\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-1900\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11735\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-1901\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11736\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-1902\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11737\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-1903\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11738\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0060\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11739\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0061\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11740\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0062\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11741\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0063\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11742\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0064\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11743\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0065\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11744\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0066\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11745\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0067\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11746\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-2669\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11747\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-8161\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11748\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0241\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11749\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0242\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11750\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0243\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11751\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0244\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11752\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-3165\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11753\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-3166\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11754\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-3167\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11755\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5288\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11756\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5289\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11757\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0766\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11758\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0768\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11759\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0773\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11760\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-2193\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11761\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-3065\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11762\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5423\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11763\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5424\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11764\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-7048\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11765\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12172\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11766\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-14798\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11767\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15098\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11768\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15099\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11769\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7484\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11770\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7485\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11771\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7486\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11772\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7546\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11773\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7547\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11774\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7548\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11775\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-8806\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11776\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1052\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11777\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1053\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11778\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1058\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11779\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-10915\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11780\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-10925\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11781\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1115\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12278\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-45105\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11782\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-16850\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11783\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10127\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11784\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10128\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11785\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10129\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11786\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10130\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11787\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10164\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11788\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10208\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11789\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10209\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11790\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10210\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11791\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10211\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11792\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-9193\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11793\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10733\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11794\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-14349\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11795\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-14350\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11796\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1720\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11797\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-25694\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11798\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-25695\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11799\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-25696\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11800\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-20229\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11801\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-23214\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11802\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-23222\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11803\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-32027\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11804\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-32028\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11805\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-32029\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11806\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-3393\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11807\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-3677\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11808\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43767\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11809\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-1552\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11810\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2625\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11811\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41862\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11812\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-2454\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11813\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-2455\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11814\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-39417\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11815\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-39418\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11816\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-5868\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11817\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-5869\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11818\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-5870\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11819\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-0985\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11820\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-10976\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11821\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-10977\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11822\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-10978\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11823\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-10979\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11824\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-4317\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11825\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-7348\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"component_cpe\": \"cpe:2.3:a:postgresql:postgresql:42.7.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.postgresql/postgresql@42.7.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11826\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11827\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11828\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11829\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11830\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11831\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11832\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11833\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11834\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11835\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11836\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11837\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11838\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11839\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11840\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11841\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11842\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11843\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11844\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11845\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11846\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11847\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11848\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11849\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11850\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11851\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11852\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11853\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11854\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11855\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11856\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11857\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11858\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11859\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11860\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11861\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11862\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11863\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11864\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11865\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-context@5.3.39?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11986\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-6153\",\n            \"component_name\": \"commons-httpclient\",\n            \"component_version\": \"3.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_httpclient:3.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-httpclient/commons-httpclient@3.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11987\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37533\",\n            \"component_name\": \"commons-net\",\n            \"component_version\": \"2.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_net:2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-net/commons-net@2.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"11988\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-6420\",\n            \"component_name\": \"commons-collections\",\n            \"component_version\": \"3.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_collections:3.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-collections/commons-collections@3.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12069\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4330\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12070\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0002\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12071\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0003\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12072\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0263\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12073\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0264\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12074\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5344\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12075\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5348\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12076\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8749\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12077\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12633\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12078\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12634\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12079\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-3159\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12080\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5643\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12081\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8027\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12082\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0188\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12083\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0194\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12084\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11971\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12085\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11972\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12086\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11973\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12087\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11994\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12088\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5529\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12089\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34442\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12090\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22369\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12091\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22371\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12092\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-23114\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12093\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-27636\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12094\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-29891\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12095\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-30177\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12096\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-66169\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.camel/camel-core@2.11.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12097\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-2175\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12098\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11797\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12099\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8036\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12100\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0228\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12101\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-27807\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12102\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-27906\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12103\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-31811\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12104\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-31812\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"component_cpe\": \"cpe:2.3:a:apache:pdfbox:2.0.21:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.pdfbox/pdfbox@2.0.21?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12113\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12114\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12115\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12116\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12117\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12118\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12119\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12120\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12121\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12122\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12123\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12124\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12125\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12126\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12127\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12128\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12129\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12130\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12279\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23302\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12131\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12132\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12133\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12134\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12135\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12136\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12137\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12138\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12139\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12140\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12141\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12142\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12143\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12144\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12145\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12146\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12147\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12148\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12149\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12150\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12151\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12152\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12153\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12154\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12155\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12156\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12157\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12158\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12159\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12160\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12161\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12162\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12163\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12164\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12165\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12166\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12167\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12168\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12169\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12170\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12171\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12172\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12173\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12174\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12175\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12176\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12177\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12178\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12179\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12180\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12181\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12182\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12183\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-1932\",\n            \"component_name\": \"hibernate-validator\",\n            \"component_version\": \"6.2.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:hibernate:hibernate-validator:6.2.0:final:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.hibernate.validator/hibernate-validator@6.2.0.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12184\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25647\",\n            \"component_name\": \"gson\",\n            \"component_version\": \"2.8.2\",\n            \"component_cpe\": \"cpe:2.3:a:google:gson:2.8.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.code.gson/gson@2.8.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12185\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37533\",\n            \"component_name\": \"commons-net\",\n            \"component_version\": \"3.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_net:3.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-net/commons-net@3.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12186\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-6420\",\n            \"component_name\": \"commons-collections\",\n            \"component_version\": \"3.2.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-collections/commons-collections@3.2.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12267\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48924\",\n            \"component_name\": \"commons-lang\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_lang:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-lang/commons-lang@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12268\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-29425\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"1.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_io:1.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-io/commons-io@1.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12269\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-47554\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"1.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_io:1.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-io/commons-io@1.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12270\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5645\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12271\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17571\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12272\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9488\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12273\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9493\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12274\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-4104\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12275\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-44228\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12276\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-44832\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12277\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-45046\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12281\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23307\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12282\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26464\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12283\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-68161\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/log4j/log4j@1.2.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12284\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2076\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12285\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2487\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12286\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0803\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12287\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2378\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12288\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2379\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12289\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3451\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12290\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5575\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12291\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5633\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12292\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5786\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12293\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-0239\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12294\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2160\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12295\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0034\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12296\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0035\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12297\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0109\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12298\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0110\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12299\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3584\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12300\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3623\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12301\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5253\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12302\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6812\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12303\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8739\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12304\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12624\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12305\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-3156\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12306\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5653\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12307\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5656\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12308\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8039\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12309\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12406\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12310\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12419\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12311\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12423\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12312\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17573\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12313\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13954\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12314\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1954\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12315\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22696\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12316\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30468\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12317\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-40690\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12318\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-46363\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12319\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-46364\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12320\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-28752\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12321\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-29736\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12322\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-32007\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12323\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-41172\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12324\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-23184\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12325\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48795\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12326\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48913\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.1.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.10?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12714\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-0254\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12715\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-4548\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12716\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5085\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12717\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5797\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12718\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0732\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12719\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5518\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12720\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0038\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12721\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0039\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12722\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5034\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12723\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-1777\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12724\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12725\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12726\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12727\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12728\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12729\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12730\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12731\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12732\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12733\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12734\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12735\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12736\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12737\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12738\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12739\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12740\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12741\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12742\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12743\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12744\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12745\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12746\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12747\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12748\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12749\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12750\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12751\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12752\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12753\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12754\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12755\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12756\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12757\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12758\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12759\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12760\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12761\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12762\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12763\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12764\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12765\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12766\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12767\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12768\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12769\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12770\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12771\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12772\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12773\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12774\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12775\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12776\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12777\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12778\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12779\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12780\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12781\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12782\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12783\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12784\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12785\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12786\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12787\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12788\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12789\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12790\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12791\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12792\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12793\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-databind:2.12.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12837\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12838\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12839\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12840\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12841\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12842\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12843\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12844\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12845\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12846\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12847\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12848\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12849\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12850\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12851\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12852\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12853\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12854\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12855\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12856\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12857\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12858\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12859\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12860\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12861\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12862\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12863\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12864\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12865\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12866\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12867\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12868\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12869\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12870\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12871\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12872\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12873\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12874\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12875\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12876\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12877\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12878\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12879\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12880\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12881\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12882\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12883\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12884\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12885\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12886\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12887\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12888\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12889\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12890\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12891\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12892\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12893\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12894\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12895\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12896\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12897\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12898\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12899\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12900\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12901\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12902\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12903\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12904\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12905\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12906\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12907\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12908\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12909\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12910\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12911\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12912\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12913\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12914\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12915\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12916\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12917\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12918\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12919\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12920\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12921\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12922\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12923\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12924\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12925\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12926\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12927\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12928\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12929\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12930\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12931\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12932\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12933\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12934\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12935\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12936\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12937\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12938\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12939\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12940\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12941\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12942\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12943\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12944\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12945\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12946\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12947\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12948\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12949\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12950\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12951\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12952\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12953\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12954\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12955\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12956\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12957\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12958\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12959\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12960\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12961\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12962\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12963\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12964\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12965\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12966\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12967\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12968\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12969\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12970\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12971\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12972\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12973\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12974\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12975\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12976\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12977\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12978\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12979\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12980\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12981\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12982\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12983\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12984\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12985\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12986\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12987\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12988\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12989\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12990\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12991\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12992\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12993\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12994\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12995\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12996\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12997\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12998\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"12999\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13000\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13001\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13002\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13003\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13004\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13005\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13006\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13007\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13008\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13009\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13010\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13011\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13012\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13013\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13014\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13015\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13016\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13017\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13018\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13019\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13020\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13021\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13022\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13023\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13024\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13025\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13026\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13027\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13028\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13029\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13030\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13031\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13032\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13033\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13034\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13035\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13036\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13037\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13038\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13039\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13040\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13041\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13042\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13043\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13044\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13045\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13046\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13047\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13048\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13049\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13050\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13051\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13052\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13053\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13054\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13055\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13056\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13057\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13058\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13059\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13060\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13061\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13062\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13063\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13064\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13065\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13066\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13067\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13068\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13069\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:2.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/servlet-api@2.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13070\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2076\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13071\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2487\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13072\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0803\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13073\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2378\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13074\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2379\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13075\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3451\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13076\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5575\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13077\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5633\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13078\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5786\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13079\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-0239\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13080\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2160\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13081\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0034\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13082\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0035\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13083\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0109\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13084\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0110\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13085\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3584\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13086\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3623\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13087\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5253\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13088\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6812\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13089\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8739\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13090\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12624\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13091\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-3156\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13092\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5653\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13093\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5656\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13094\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8039\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13095\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12406\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13096\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12419\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13097\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12423\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13098\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17573\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13099\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13954\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13100\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1954\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13101\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22696\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13102\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30468\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13103\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-40690\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13104\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-46363\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13105\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-46364\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13106\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-28752\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13107\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-29736\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13108\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-32007\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13109\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-41172\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13110\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-23184\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13111\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48795\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13112\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48913\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.3.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13199\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-29425\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_io:2.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-io/commons-io@2.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13200\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-47554\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.5\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_io:2.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-io/commons-io@2.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13201\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11979\",\n            \"component_name\": \"ant\",\n            \"component_version\": \"1.10.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:ant:1.10.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.ant/ant@1.10.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13202\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1945\",\n            \"component_name\": \"ant\",\n            \"component_version\": \"1.10.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:ant:1.10.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.ant/ant@1.10.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13203\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-36373\",\n            \"component_name\": \"ant\",\n            \"component_version\": \"1.10.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:ant:1.10.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.ant/ant@1.10.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13204\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-36374\",\n            \"component_name\": \"ant\",\n            \"component_version\": \"1.10.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:ant:1.10.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.ant/ant@1.10.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13596\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-3772\",\n            \"component_name\": \"spring-integration-core\",\n            \"component_version\": \"5.5.10\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_integration:5.5.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.integration/spring-integration-core@5.5.10?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13597\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5413\",\n            \"component_name\": \"spring-integration-core\",\n            \"component_version\": \"5.5.10\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_integration:5.5.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.integration/spring-integration-core@5.5.10?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13598\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13599\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13600\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13601\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13602\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13603\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13604\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13605\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13606\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13607\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13608\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13609\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13610\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13611\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13612\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13613\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13614\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13615\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13616\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13617\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13618\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13619\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13620\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13621\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13622\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13623\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13624\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13625\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13626\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13627\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13628\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13629\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16112\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13630\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13631\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13632\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13633\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13634\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13635\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13636\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13637\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.17?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13638\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13639\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13640\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13641\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13642\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13643\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13644\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13645\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13646\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13647\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13648\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13649\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13650\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13651\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13652\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13653\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13654\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13655\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13656\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13657\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13658\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13659\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13660\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13661\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13662\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13663\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13664\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13665\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13694\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13695\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13696\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13697\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13698\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13699\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13700\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13701\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13702\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13703\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13704\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13705\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13706\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13707\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13708\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13709\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13710\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13711\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13712\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13713\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13714\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13715\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13716\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13717\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13718\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13719\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13720\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13721\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.89.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.89.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13806\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-18640\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@2.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13807\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-1471\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@2.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13808\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25857\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@2.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13809\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38749\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@2.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13810\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38750\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@2.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13811\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38751\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@2.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13812\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38752\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@2.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13813\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41854\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@2.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13894\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-0684\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13895\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1244\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13896\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1587\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13897\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-4905\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13898\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5784\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13899\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-6092\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13900\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-6551\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13901\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-1879\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13902\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-1880\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13903\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-3060\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13904\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3576\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13905\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3600\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13906\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3612\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13907\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-8110\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13908\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-1830\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13909\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5254\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13910\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-6524\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13911\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-7559\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13912\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0734\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13913\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0782\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13914\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-3088\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13915\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6810\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13916\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15709\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13917\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11775\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13918\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8006\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13919\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0201\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13920\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0222\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13921\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13922\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11998\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13923\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13920\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13924\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13947\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13925\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1941\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13926\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-26217\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13927\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21341\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16113\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13928\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21342\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13929\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21343\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13930\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21344\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13931\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21345\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13932\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21346\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13933\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21347\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13934\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21348\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13935\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21349\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13936\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21350\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13937\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21351\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13938\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-26117\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13939\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41678\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13940\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-46604\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13941\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-32114\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13942\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-27533\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:activemq:5.18.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.activemq/activemq-client@5.18.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13943\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-8125\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:drools:7.71.0.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.drools/drools-core@7.71.0.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13944\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-41411\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:drools:7.71.0.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.drools/drools-core@7.71.0.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13945\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-1415\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:drools:7.71.0.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.drools/drools-core@7.71.0.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13952\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-8125\",\n            \"component_name\": \"drools-mvel\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:drools:7.71.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.drools/drools-mvel@7.71.0.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13953\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-41411\",\n            \"component_name\": \"drools-mvel\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:drools:7.71.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.drools/drools-mvel@7.71.0.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13954\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-1415\",\n            \"component_name\": \"drools-mvel\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:drools:7.71.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.drools/drools-mvel@7.71.0.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13964\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0213\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13965\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3529\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13966\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3574\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13967\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-9527\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13968\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5000\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13969\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12626\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13970\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5644\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13971\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12415\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13972\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-26336\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13973\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31672\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.poi/poi-ooxml@4.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13974\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-23926\",\n            \"component_name\": \"xmlbeans\",\n            \"component_version\": \"3.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:xmlbeans:3.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.xmlbeans/xmlbeans@3.1.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13975\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2098\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13976\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11771\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13977\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1324\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13978\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12402\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13979\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-35515\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13980\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-35516\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13981\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-35517\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13982\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-36090\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13983\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42503\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13984\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-25710\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13985\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-26308\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.commons/commons-compress@1.19?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13996\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6465\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:jbpm:7.71.0:final:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.jbpm/jbpm-flow@7.71.0.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13997\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-8125\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:jbpm:7.71.0:final:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.jbpm/jbpm-flow@7.71.0.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13998\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7545\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:jbpm:7.71.0:final:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.jbpm/jbpm-flow@7.71.0.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"13999\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-20306\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"component_cpe\": \"cpe:2.3:a:redhat:jbpm:7.71.0:final:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.jbpm/jbpm-flow@7.71.0.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14015\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22569\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf-java:3.19.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14016\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-3171\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf-java:3.19.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14017\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-3509\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf-java:3.19.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14018\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-3510\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf-java:3.19.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14019\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-7254\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf-java:3.19.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14020\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-10237\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.0.1-android\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:31.0.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@31.0.1-android?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14021\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-8908\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.0.1-android\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:31.0.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@31.0.1-android?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14022\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-2976\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.0.1-android\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:31.0.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@31.0.1-android?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14023\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0114\",\n            \"component_name\": \"commons-beanutils\",\n            \"component_version\": \"1.9.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_beanutils:1.9.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-beanutils/commons-beanutils@1.9.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14024\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10086\",\n            \"component_name\": \"commons-beanutils\",\n            \"component_version\": \"1.9.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_beanutils:1.9.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-beanutils/commons-beanutils@1.9.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14025\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48734\",\n            \"component_name\": \"commons-beanutils\",\n            \"component_version\": \"1.9.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_beanutils:1.9.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-beanutils/commons-beanutils@1.9.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14026\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0026\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:apache:jackrabbit:2.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.19.6?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14027\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-1833\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:apache:jackrabbit:2.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.19.6?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14028\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6801\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:apache:jackrabbit:2.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.19.6?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14029\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-37895\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:apache:jackrabbit:2.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.19.6?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14030\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-53689\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:apache:jackrabbit:2.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.19.6?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14031\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58782\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:apache:jackrabbit:2.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.19.6?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14056\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-3271\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14057\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4434\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14058\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6809\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14059\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11761\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14060\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11762\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14061\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11796\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14062\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1335\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14063\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1338\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14064\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1339\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14065\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-17197\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14066\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8017\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14067\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10088\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14068\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10093\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14069\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10094\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14070\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1950\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14071\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1951\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14072\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9489\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14073\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28657\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14074\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-33813\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14075\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25169\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14076\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-30126\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14077\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-30973\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14078\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-33879\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14079\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-54988\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14080\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-66516\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tika/tika-core@1.22?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14081\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4849\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.14.2.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14082\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7216\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.14.2.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14083\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7217\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.14.2.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14084\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-4269\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.14.2.0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14085\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2232\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.14.2.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14086\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-1832\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.14.2.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14087\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1313\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.14.2.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14088\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-46337\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.14.2.0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14089\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-3772\",\n            \"component_name\": \"spring-integration-file\",\n            \"component_version\": \"6.4.1\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_integration:6.4.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.integration/spring-integration-file@6.4.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14090\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5413\",\n            \"component_name\": \"spring-integration-file\",\n            \"component_version\": \"6.4.1\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_integration:6.4.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.integration/spring-integration-file@6.4.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14091\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-3253\",\n            \"component_name\": \"groovy-all\",\n            \"component_version\": \"2.1.9\",\n            \"component_cpe\": \"cpe:2.3:a:apache:groovy:2.1.9:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.codehaus.groovy/groovy-all@2.1.9?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14092\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6814\",\n            \"component_name\": \"groovy-all\",\n            \"component_version\": \"2.1.9\",\n            \"component_cpe\": \"cpe:2.3:a:apache:groovy:2.1.9:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.codehaus.groovy/groovy-all@2.1.9?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14093\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-17521\",\n            \"component_name\": \"groovy-all\",\n            \"component_version\": \"2.1.9\",\n            \"component_cpe\": \"cpe:2.3:a:apache:groovy:2.1.9:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.codehaus.groovy/groovy-all@2.1.9?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14180\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14181\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14182\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14183\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14184\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14185\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14186\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14187\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14188\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14189\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14190\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14191\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14192\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14193\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14194\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14195\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14196\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14197\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14198\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14199\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14200\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14201\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14202\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14203\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14204\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14205\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14206\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14207\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14208\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14209\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14210\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14211\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14212\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14213\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14214\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14215\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14216\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14217\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14218\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14219\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14220\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14221\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.12.v20180830:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-util@9.4.12.v20180830?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14306\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7860\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14307\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7861\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14308\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-8359\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14309\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-9431\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14310\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-7768\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14311\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-1428\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14312\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-32731\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14313\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-32732\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14314\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-33953\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14315\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14316\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-4785\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14317\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-11407\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14318\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-7246\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"component_cpe\": \"cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.grpc/grpc-api@1.47.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14319\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22569\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf-java:3.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.6?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14320\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-3171\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf-java:3.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.6?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14321\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-3509\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf-java:3.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.6?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14322\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-3510\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf-java:3.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.6?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14323\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-7254\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.6\",\n            \"component_cpe\": \"cpe:2.3:a:google:protobuf-java:3.19.6:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.protobuf/protobuf-java@3.19.6?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14337\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25647\",\n            \"component_name\": \"gson\",\n            \"component_version\": \"2.9.0\",\n            \"component_cpe\": \"cpe:2.3:a:google:gson:2.9.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.code.gson/gson@2.9.0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14338\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14339\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14340\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14341\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14342\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14343\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14344\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14345\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14346\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14347\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14348\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14349\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14350\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14351\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14352\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14353\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14354\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14355\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14356\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14357\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14358\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14359\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14360\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14361\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14362\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14363\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14364\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14365\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14366\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14367\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14368\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14369\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14370\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14371\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14372\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14373\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14374\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14375\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14376\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14377\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14378\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14379\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14380\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14381\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14382\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14383\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14384\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14385\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14386\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14387\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14388\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14389\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14390\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14391\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14392\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14393\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14394\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14395\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14396\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14397\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14398\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14399\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14400\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14401\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14402\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14403\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14404\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14405\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14406\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14407\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14408\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14409\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14410\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14411\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14412\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14413\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14414\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14415\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14416\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14417\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14418\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14419\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14420\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14421\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14422\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14423\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14424\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14425\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14426\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14427\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14428\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14429\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14430\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14431\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14432\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14433\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14434\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14435\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14436\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14437\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14438\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14439\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14440\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14441\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14442\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14443\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14444\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14445\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14446\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14447\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14448\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14449\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14450\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14451\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14452\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14453\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14454\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14455\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14456\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14457\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14458\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14459\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14460\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14461\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14462\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14463\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14464\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14465\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14466\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14467\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14468\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14469\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14470\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14471\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14472\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14473\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14474\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14475\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14476\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14477\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14478\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14479\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14480\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14481\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14482\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14483\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14484\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14485\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14486\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14487\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14488\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14489\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14490\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14491\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14492\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14493\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14494\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14495\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14496\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14497\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14498\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14499\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14500\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14501\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14502\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14503\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14504\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14505\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14506\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14507\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14508\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14509\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14510\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14511\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14512\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14513\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14514\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14515\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14516\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14517\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14518\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14519\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14520\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14521\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14522\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14523\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14524\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14525\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14526\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14527\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14528\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14529\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14530\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14531\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14532\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14533\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14534\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14535\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14536\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14537\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14538\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14539\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14540\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14541\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14542\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14543\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14544\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14545\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14546\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14547\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14548\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14549\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14550\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14551\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14552\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14553\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14554\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14555\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14556\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14557\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14558\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14559\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14560\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14561\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14562\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14563\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14564\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14565\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14566\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14567\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14568\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14569\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14570\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:6.0.53:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/annotations-api@6.0.53?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14571\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14572\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14573\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14574\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14575\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14576\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14577\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14578\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14579\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14580\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14581\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14582\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14583\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14584\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14585\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14586\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14587\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14588\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14589\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14590\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14591\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14592\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14593\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14594\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14595\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14596\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14597\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14598\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14599\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14600\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14601\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14602\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14832\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14603\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14604\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14605\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14606\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14607\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14608\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14609\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14610\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14611\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14612\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.4.7.RC0?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14739\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-8046\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:2.7.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-websocket@2.7.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14740\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1196\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:2.7.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-websocket@2.7.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14741\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-26987\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:2.7.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-websocket@2.7.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14742\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-27772\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:2.7.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-websocket@2.7.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14743\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20873\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:2.7.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-websocket@2.7.5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14744\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20883\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:2.7.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-websocket@2.7.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14745\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-22602\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:2.7.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-websocket@2.7.5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14746\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34055\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:2.7.5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-websocket@2.7.5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14787\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5645\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14788\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17571\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14789\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9488\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14790\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9493\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14791\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-4104\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14792\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-44228\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14793\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-44832\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14794\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-45046\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14795\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-45105\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14796\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23302\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14797\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23305\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14798\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23307\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14799\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26464\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14800\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-68161\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14831\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14833\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14834\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14835\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14836\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14837\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14838\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14839\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14840\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14841\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14842\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14843\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14844\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14845\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14846\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14847\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14848\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14849\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14850\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14851\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14852\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14853\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14854\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14855\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14856\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14857\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14858\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14859\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14860\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14861\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14862\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14863\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14864\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14865\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14866\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14867\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16110\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14868\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14869\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14870\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14871\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14872\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14873\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14874\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14875\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14876\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14877\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14878\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14879\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14880\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14881\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14882\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14883\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14884\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14885\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14886\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14887\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14888\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14889\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14890\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14891\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14892\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14893\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14894\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14895\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14896\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14897\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14898\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14899\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14900\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14901\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14902\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14903\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14904\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14905\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14906\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14907\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14908\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14909\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14910\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14911\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14912\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14913\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14914\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14915\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14916\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14917\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14918\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14919\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14920\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14921\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14922\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14923\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14924\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14925\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14926\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14927\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14928\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14929\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14930\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14931\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14932\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14933\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14934\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14935\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14936\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14937\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14938\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14939\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14940\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14941\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14942\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14943\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14944\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14945\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14946\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14947\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14948\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14949\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14950\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14951\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14952\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14953\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14954\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14955\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14956\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14957\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14958\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14959\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14960\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14961\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14962\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14963\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14964\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14965\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14966\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14967\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14968\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14969\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14970\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14971\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14972\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14973\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14974\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14975\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14976\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14977\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14978\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14979\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14980\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14981\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14982\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14983\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14984\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14985\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14986\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14987\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14988\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14989\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14990\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14991\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14992\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14993\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14994\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14995\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14996\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14997\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14998\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"14999\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15000\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15001\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15002\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15003\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15004\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15005\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15006\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15007\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15008\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15009\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15010\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15011\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15012\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15013\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15014\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15015\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15016\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15017\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15018\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15019\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15020\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15021\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15022\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15023\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15024\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15025\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15026\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15027\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15028\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15029\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15030\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15031\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15032\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15033\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15034\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15035\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15036\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15037\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15038\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15039\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15040\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15041\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15042\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15043\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15044\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15045\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15046\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15047\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15048\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15049\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15050\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15051\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15052\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15053\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15054\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15055\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15056\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15057\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15058\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15059\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15060\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15061\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15062\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15063\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.68:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15064\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15065\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15066\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15067\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15068\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15069\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15070\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15071\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15072\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15073\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15074\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15075\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15076\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15077\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15078\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15079\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15080\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15081\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15082\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15083\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15084\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15085\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15086\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15087\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15088\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15089\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15090\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15091\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15092\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15093\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15094\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15095\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15096\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15097\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15098\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15099\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15100\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15101\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15102\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15103\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-messaging@5.3.23?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15270\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15271\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15272\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15273\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15274\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15275\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15276\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15277\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15278\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15279\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15280\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15281\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15282\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15283\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15284\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15285\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15286\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15287\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15288\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15289\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15290\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15291\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15292\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15293\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15294\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15295\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15296\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15297\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15298\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15299\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15300\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15301\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15302\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15303\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15304\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15305\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15306\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15307\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15308\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15309\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework/spring-expression@5.3.16?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15310\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15311\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15312\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15313\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15314\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15315\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15316\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15317\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15318\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15319\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15320\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15321\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15322\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15323\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15324\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15325\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15326\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15327\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15328\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15329\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15330\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15331\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15332\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15333\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15334\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15335\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15336\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15337\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15338\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15339\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15340\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15341\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15342\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15343\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15344\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15345\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15346\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15347\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15348\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15349\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15350\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15351\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-websocket@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15394\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15395\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15396\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15397\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15398\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15399\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15400\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15401\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15402\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15403\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15404\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15405\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15406\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15407\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15408\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15409\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15410\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15411\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15412\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15413\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15414\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15415\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15416\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15417\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15418\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15419\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16111\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15420\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15421\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15422\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15423\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15424\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15425\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15426\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15427\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15428\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15429\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15430\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15431\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15432\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15433\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15434\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15435\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:8.1.0.rc5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-io@8.1.0.RC5?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15730\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15731\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15732\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15733\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15734\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15735\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15736\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15737\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15738\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15739\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15740\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15741\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15742\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15743\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15744\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15745\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15746\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15747\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15748\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15749\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15750\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15751\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15752\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15753\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15754\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15755\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15756\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15757\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15758\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15759\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15760\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15761\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15762\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15763\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15764\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15765\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15766\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15767\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15768\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15769\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15770\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15771\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:3.0.20100224:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.mortbay.jetty/servlet-api@3.0.20100224?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15772\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-29425\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_io:2.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-io/commons-io@2.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15773\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-47554\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:commons_io:2.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/commons-io/commons-io@2.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15774\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-18640\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.27?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15775\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-1471\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.27?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15776\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25857\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.27?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15777\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38749\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.27?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15778\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38750\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.27?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15779\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38751\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.27?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15780\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38752\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.27?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15781\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41854\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.27?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15782\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15783\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15784\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15785\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15786\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15787\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15788\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15789\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15790\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15791\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15792\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15793\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15794\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15795\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15796\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15797\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15798\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15799\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15800\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15801\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15802\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15803\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15804\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15805\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15806\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15807\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15808\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15809\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-common@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15866\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15867\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15868\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15869\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15870\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15871\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15872\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15873\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15874\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15875\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15876\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15877\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15878\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15879\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15880\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15881\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15882\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15883\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15884\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15885\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15886\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15887\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15888\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15889\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15890\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15891\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15892\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"15893\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.94.final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-resolver-dns@4.1.94.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16093\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-3720\",\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.13.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16094\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-7051\",\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"component_version\": \"2.13.4\",\n            \"component_cpe\": \"cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.13.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.13.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16095\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16096\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16097\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16098\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16099\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16100\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16101\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16102\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16103\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16104\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16105\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16106\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16107\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16108\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16109\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16114\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16115\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16116\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16117\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16118\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16119\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16120\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16121\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16122\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16123\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16124\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16125\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16126\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16127\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16128\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16129\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16130\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16131\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16132\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16133\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16134\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16135\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16136\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16137\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16138\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16139\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16140\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16141\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16142\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16143\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16144\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16145\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16146\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16147\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16148\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16149\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16150\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16151\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16152\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16153\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16154\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16155\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16156\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16157\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16158\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16159\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16160\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16161\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16162\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16163\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16164\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16165\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16166\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16167\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16168\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16169\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16170\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16171\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16172\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16173\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16174\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16175\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16176\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16177\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16178\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16179\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16180\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16181\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16182\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16183\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16184\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16185\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16186\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16187\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16188\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16189\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16190\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16191\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16192\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16193\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16194\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16195\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16196\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16197\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16198\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16199\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16200\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16201\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16202\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16203\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16204\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16205\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16206\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16207\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16208\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16209\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16210\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16211\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16212\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16213\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16214\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16215\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16216\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16217\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16218\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16219\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16220\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16221\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16222\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16223\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16224\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16225\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16226\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16227\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16228\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16229\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16230\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16231\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16232\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16233\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16234\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16235\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16236\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16237\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16238\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16239\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16240\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16241\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16242\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16243\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16244\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16245\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16246\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16247\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16248\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16249\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16250\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16251\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16252\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16253\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16254\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16255\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16256\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16257\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16258\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16259\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16260\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16261\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16262\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16263\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16264\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16265\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16266\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16267\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16268\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16269\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16270\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16271\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16272\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16273\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16274\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16275\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16276\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16277\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16278\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16279\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16280\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16281\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16282\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16283\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16284\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16285\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16286\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16287\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16288\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16289\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16290\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16291\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16292\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16293\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16294\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16295\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16296\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16297\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16298\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16299\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16300\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16301\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16302\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16303\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16304\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16305\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16306\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16307\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16308\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16309\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16310\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16311\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16312\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16313\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16314\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16315\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16316\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16317\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16318\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16319\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16320\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16321\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16322\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16323\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16324\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16325\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16326\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16327\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:1.1.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/javax.servlet/jstl@1.1.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16622\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16623\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9879\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16624\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-4995\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16625\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16626\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-11272\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16627\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-3795\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16628\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-5408\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16629\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22112\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16630\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22119\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16631\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22976\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16632\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-22978\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16633\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-31690\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16634\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-31692\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16635\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20862\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16636\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34034\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16637\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34035\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16638\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34042\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16639\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22234\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16640\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38810\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.security/spring-security-config@5.6.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16641\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-18640\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.31:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.31?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16642\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-1471\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.31:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.31?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16643\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25857\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.31:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.31?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16644\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38749\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.31:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.31?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16645\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38750\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.31:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.31?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16646\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38751\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.31:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.31?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16647\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38752\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.31:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.31?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16648\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41854\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.31:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.31?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16649\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2076\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16650\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2487\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16651\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0803\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16652\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2378\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16653\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2379\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16654\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3451\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16655\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5575\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16656\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5633\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16657\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5786\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16658\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-0239\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16659\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2160\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16660\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0034\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16661\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0035\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16662\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0109\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16663\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0110\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16664\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3584\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16665\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3623\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16666\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5253\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16667\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6812\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16668\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8739\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16669\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12624\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16670\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-3156\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16671\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5653\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16672\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5656\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16673\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8039\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16674\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12406\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16675\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12419\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16676\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12423\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16677\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17573\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16678\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13954\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16679\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1954\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16680\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-22696\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16681\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30468\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16682\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-40690\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16683\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-46363\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16684\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-46364\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16685\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-28752\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16686\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-29736\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16687\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-32007\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16688\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-41172\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16689\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-23184\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16690\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48795\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16691\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48913\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.4?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16907\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3577\",\n            \"component_name\": \"httpasyncclient\",\n            \"component_version\": \"4.1.4\",\n            \"component_cpe\": \"cpe:2.3:a:apache:httpasyncclient:4.1.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.httpcomponents/httpasyncclient@4.1.4?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16908\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-10237\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:22.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@22.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16909\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-8908\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:22.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@22.0?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16910\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-2976\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"component_cpe\": \"cpe:2.3:a:google:guava:22.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/com.google.guava/guava@22.0?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16911\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5005\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16912\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5006\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16913\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-3083\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16914\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3620\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16915\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2145\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16916\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3467\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16917\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4446\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16918\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4458\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16919\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4459\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16920\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4460\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16921\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-1909\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16922\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3629\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16923\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0203\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16924\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0223\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16925\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0224\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16926\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0223\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"component_cpe\": \"cpe:2.3:a:apache:qpid:7.0.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.qpid/qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10@7.0.3?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16927\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4849\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.13.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.13.1.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16928\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7216\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.13.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.13.1.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16929\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7217\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.13.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.13.1.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16930\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-4269\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.13.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.13.1.1?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16931\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2232\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.13.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.13.1.1?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16932\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-1832\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.13.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.13.1.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16933\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1313\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.13.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.13.1.1?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16934\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-46337\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"component_cpe\": \"cpe:2.3:a:apache:derby:10.13.1.1:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.derby/derby@10.13.1.1?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16935\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16936\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16937\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16938\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16939\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16940\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16941\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16942\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16943\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16944\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16945\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16946\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16947\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16948\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16949\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16950\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16951\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16952\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16953\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16954\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16955\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16956\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16957\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16958\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16959\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16960\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16961\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16962\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16963\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16964\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16965\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16966\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16967\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16968\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16969\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16970\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16971\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16972\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16973\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16974\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16975\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"16976\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"component_cpe\": \"cpe:2.3:a:eclipse:jetty:9.4.3.v20170317:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17455\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17456\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17457\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17458\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17459\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17460\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17461\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17462\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17463\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17464\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17465\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17466\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17467\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17468\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17469\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17470\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17471\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17472\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17473\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17474\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17475\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17476\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17477\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17478\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17479\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17480\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17481\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"17482\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"component_cpe\": \"cpe:2.3:a:netty:netty:4.1.86.Final:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/io.netty/netty-buffer@4.1.86.Final?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18081\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2487\",\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"component_version\": \"2.3.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:wss4j:2.3.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.wss4j/wss4j-ws-security-dom@2.3.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18082\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-3623\",\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"component_version\": \"2.3.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:wss4j:2.3.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.wss4j/wss4j-ws-security-dom@2.3.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18083\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0226\",\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"component_version\": \"2.3.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:wss4j:2.3.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.wss4j/wss4j-ws-security-dom@2.3.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18084\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-0227\",\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"component_version\": \"2.3.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:wss4j:2.3.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.wss4j/wss4j-ws-security-dom@2.3.2?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18085\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13936\",\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"component_version\": \"2.3.2\",\n            \"component_cpe\": \"cpe:2.3:a:apache:wss4j:2.3.2:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.wss4j/wss4j-ws-security-dom@2.3.2?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18280\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-18640\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.30?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18281\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-1471\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.30?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18282\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25857\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.30?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18283\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38749\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.30?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18284\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38750\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.30?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18285\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38751\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.30?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18286\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-38752\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.30?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18287\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-41854\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"component_cpe\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.yaml/snakeyaml@1.30?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18368\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-8046\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:1.3.8:release:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-log4j@1.3.8.RELEASE?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18369\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1196\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:1.3.8:release:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-log4j@1.3.8.RELEASE?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18370\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-26987\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:1.3.8:release:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-log4j@1.3.8.RELEASE?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18371\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-27772\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:1.3.8:release:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-log4j@1.3.8.RELEASE?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18372\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20873\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:1.3.8:release:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-log4j@1.3.8.RELEASE?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18373\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-20883\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:1.3.8:release:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-log4j@1.3.8.RELEASE?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18374\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-22602\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:1.3.8:release:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-log4j@1.3.8.RELEASE?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18375\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34055\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"component_cpe\": \"cpe:2.3:a:vmware:spring_boot:1.3.8:release:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.springframework.boot/spring-boot-starter-log4j@1.3.8.RELEASE?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18376\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18377\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18378\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18379\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18380\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18381\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18382\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18383\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18384\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18385\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18386\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18387\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18388\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18389\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18390\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18391\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18392\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18393\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18394\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18395\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18396\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18397\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18398\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18399\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18400\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18401\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18402\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18403\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18404\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18405\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18406\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18407\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18408\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18409\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18410\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18411\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18412\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18413\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18414\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18415\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18416\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18417\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18418\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18419\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18420\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18421\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18422\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18423\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18424\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18425\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18426\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18427\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18428\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18429\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18430\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18431\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18432\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18433\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18434\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18435\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18436\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18437\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18438\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18439\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18440\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18441\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18442\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18443\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18444\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18445\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18446\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18447\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18448\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18449\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18450\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18451\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18452\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18453\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18454\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18455\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18456\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18457\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18458\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18459\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18460\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18461\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18462\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18463\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18464\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18465\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18466\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18467\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18468\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18469\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18470\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18471\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18472\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18473\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18474\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18475\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18476\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18477\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18478\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18479\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18480\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18481\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18482\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18483\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18484\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18485\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18486\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18487\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18488\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18489\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18490\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18491\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18492\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18493\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18494\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18495\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18496\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18497\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18498\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18499\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18500\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18501\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18502\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18503\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18504\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18505\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18506\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18507\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18508\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18509\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18510\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18511\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18512\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18513\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18514\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18515\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18516\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18517\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18518\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18519\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18520\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18521\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18522\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18523\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18524\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18525\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18526\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18527\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18528\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18529\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18530\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18531\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18532\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18533\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18534\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18535\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18536\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18537\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18538\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18539\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18540\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18541\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18542\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18543\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18544\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18545\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18546\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18547\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18548\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18549\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18550\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18551\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18552\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18553\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18554\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18555\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18556\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18557\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18558\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18559\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18560\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18561\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18562\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18563\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18564\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18565\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18566\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18567\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18568\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18569\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18570\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18571\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18572\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18573\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18574\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18575\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18576\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18577\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18578\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18579\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18580\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18581\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18582\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18583\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18584\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18585\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18586\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18587\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18588\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18589\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18590\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18591\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18592\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18593\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18594\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18595\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18596\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18597\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18598\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18599\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18600\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18601\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18602\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18603\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18604\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18605\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18606\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18607\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18608\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@8.5.20?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18842\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18843\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18844\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18845\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18846\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18847\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18848\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18849\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18850\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18851\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18852\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18853\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18854\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18855\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18856\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18857\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18858\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18859\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18860\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18861\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18862\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18863\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18864\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18865\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18866\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18867\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18868\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18869\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18870\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18871\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18872\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18873\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18874\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18875\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18876\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18877\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18878\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18879\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18880\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18881\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18882\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18883\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18884\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18885\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18886\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18887\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18888\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18889\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18890\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18891\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18892\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18893\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18894\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18895\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18896\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18897\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18898\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18899\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18900\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18901\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18902\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18903\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18904\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18905\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18906\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18907\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18908\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18909\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18910\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18911\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18912\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18913\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18914\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18915\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18916\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18917\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18918\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18919\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18920\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18921\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18922\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18923\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18924\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18925\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18926\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18927\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18928\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18929\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18930\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18931\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18932\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18933\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18934\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18935\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18936\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18937\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18938\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18939\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18940\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18941\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18942\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18943\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18944\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18945\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18946\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18947\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18948\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18949\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18950\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18951\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18952\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18953\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18954\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18955\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18956\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18957\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18958\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18959\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18960\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18961\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18962\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18963\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18964\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18965\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18966\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18967\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18968\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18969\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18970\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18971\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18972\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18973\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18974\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18975\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18976\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18977\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18978\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18979\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18980\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18981\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18982\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18983\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18984\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18985\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18986\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18987\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18988\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18989\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18990\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18991\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18992\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18993\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18994\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18995\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18996\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18997\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18998\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"18999\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19000\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19001\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19002\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19003\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19004\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19005\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19006\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19007\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19008\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19009\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19010\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19011\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19012\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19013\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19014\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19015\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19016\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19017\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19018\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19019\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19020\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19021\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19022\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19023\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19024\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19025\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19026\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19027\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19028\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19029\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19030\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19031\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19032\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19033\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19034\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19035\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19036\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19037\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19038\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19039\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19040\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19041\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19042\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19043\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19044\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19045\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19046\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19047\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19048\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19049\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19050\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19051\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19052\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19053\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19054\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19055\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19056\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19057\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19058\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19059\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19060\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19061\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19062\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19063\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19064\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19065\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19066\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19067\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19068\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19069\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19070\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19071\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19072\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19073\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"id\": \"19074\",\n            \"scan_report_id\": \"8\",\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"component_cpe\": \"cpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.85?type=jar\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"llm_enrichment\": null,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        }\n    ]\n}"}],"_postman_id":"fa50f0c3-bcd6-4986-b277-5732f9761fcf"},{"name":"Cves List Global Jbl","id":"5fc05ee0-b5a0-4186-89c2-30231dcdd806","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/list/jbl","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","list","jbl"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"6ce68f75-c9bb-4c1f-91fc-6384e9057fdd","name":"Cves List Global Jbl","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/vulnerabilities/list/jbl","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","vulnerabilities","list","jbl"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"184478"},{"key":"ETag","value":"W/\"2d09e-72j1A1ZyjEPKi4zyb9b82sUl6E8\""},{"key":"Date","value":"Thu, 29 Jan 2026 14:14:14 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12537\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12540\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12541\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12542\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12544\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17640\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-8391\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-11965\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-11966\",\n            \"component_name\": \"vertx-core\",\n            \"component_version\": \"4.5.14\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-codec-http2\",\n            \"component_version\": \"4.1.118.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-10750\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-26168\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-0265\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-36437\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-33264\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-33265\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-45859\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-45860\",\n            \"component_name\": \"hazelcast\",\n            \"component_version\": \"5.3.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-1999-0862\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-1199\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0972\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1397\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1398\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1399\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1400\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1401\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1402\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1642\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1657\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0901\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2004-0547\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2004-0977\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0227\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0244\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0245\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0246\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0247\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-1409\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-1410\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-0105\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-0553\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-0678\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-2313\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-2314\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-5540\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-5541\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-5542\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-0555\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-0556\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2138\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3278\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3279\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3280\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4769\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4772\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6067\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6600\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6601\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0922\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3229\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3230\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3231\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-4034\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-4136\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-0442\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-0733\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1169\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1170\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1447\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1975\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-3433\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4015\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2483\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0866\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0867\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0868\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-1618\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2143\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2655\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3488\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3489\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0255\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1899\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1900\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1901\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1902\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1903\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0060\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0061\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0062\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0063\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0064\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0065\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0066\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0067\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-2669\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-8161\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0241\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0242\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0243\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0244\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3165\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3166\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3167\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5288\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5289\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0766\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0768\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0773\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-2193\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3065\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5423\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5424\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-7048\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12172\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-14798\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15098\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15099\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7484\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7485\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7486\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7546\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7547\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7548\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-8806\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1052\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1053\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1058\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-10915\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-10925\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1115\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-16850\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10127\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10128\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10129\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10130\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10164\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10208\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10209\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10210\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10211\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-9193\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10733\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14349\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14350\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1720\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25694\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25695\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25696\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-20229\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-23214\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-23222\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-32027\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-32028\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-32029\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-3393\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-3677\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43767\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-1552\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2625\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41862\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-2454\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-2455\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-39417\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-39418\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-5868\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-5869\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-5870\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-0985\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-10976\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-10977\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-10978\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-10979\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-4317\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-7348\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5645\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17571\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9488\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9493\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-4104\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-44228\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-44832\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-45046\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-45105\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23302\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23305\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23307\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26464\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-68161\",\n            \"component_name\": \"log4j-slf4j-impl\",\n            \"component_version\": \"2.17.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-10237\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8908\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-2976\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.9.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-18640\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-1471\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25857\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38749\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38750\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38751\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38752\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41854\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.18\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-0684\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1244\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1587\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-4905\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5784\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-6092\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-6551\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1879\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1880\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-3060\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3576\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3600\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3612\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-8110\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-1830\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5254\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-6524\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-7559\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0734\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0782\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3088\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6810\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15709\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11775\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8006\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0201\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0222\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11998\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13920\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13947\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1941\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-26217\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21341\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21342\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21343\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21344\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21345\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21346\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21347\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21348\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21349\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21350\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21351\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-26117\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41678\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-46604\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-32114\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-27533\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.16.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3720\",\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-7051\",\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"component_version\": \"2.18.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-2175\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11797\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8036\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0228\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-27807\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-27906\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-31811\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-31812\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-8125\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-41411\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-1415\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0213\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3529\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3574\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-9527\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5000\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12626\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5644\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12415\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-26336\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31672\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-23926\",\n            \"component_name\": \"xmlbeans\",\n            \"component_version\": \"3.1.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2098\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11771\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1324\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12402\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-35515\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-35516\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-35517\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-36090\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42503\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-25710\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-26308\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6465\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-8125\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7545\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-20306\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5237\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22570\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-2410\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-7254\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.6.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-tx\",\n            \"component_version\": \"5.3.19\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-10237\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.1-jre\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8908\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.1-jre\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-2976\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.1-jre\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-10237\",\n            \"component_name\": \"failureaccess\",\n            \"component_version\": \"1.0.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8908\",\n            \"component_name\": \"failureaccess\",\n            \"component_version\": \"1.0.1\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-2976\",\n            \"component_name\": \"failureaccess\",\n            \"component_version\": \"1.0.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-29425\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47554\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-6420\",\n            \"component_name\": \"commons-collections\",\n            \"component_version\": \"3.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48924\",\n            \"component_name\": \"commons-lang\",\n            \"component_version\": \"2.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:51:40.477Z\"\n        }\n    ]\n}"}],"_postman_id":"5fc05ee0-b5a0-4186-89c2-30231dcdd806"},{"name":"Cves List Global Jms","id":"c6c86a79-e91f-4063-ba38-2b629df261ce","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/sbom/parking/vulnerabilities/list/jms","urlObject":{"port":"2999","path":["sbom","parking","vulnerabilities","list","jms"],"host":["{{sl-host}}"],"query":[{"disabled":true,"key":"productName","value":"jms"},{"disabled":true,"key":"productName","value":"jbl"}],"variable":[]}},"response":[{"id":"62c308e1-c47f-415f-a084-d77eb1dd5163","name":"Cves List Global Jms","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:2999/sbom/parking/vulnerabilities/list/jms","host":["{{sl-host}}"],"port":"2999","path":["sbom","parking","vulnerabilities","list","jms"],"query":[{"key":"productName","value":"jms","disabled":true},{"key":"productName","value":"jbl","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"699176"},{"key":"ETag","value":"W/\"aab28-szAdyM3+84oGstscJd9lagg+AHI\""},{"key":"Date","value":"Thu, 29 Jan 2026 14:14:09 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"cve_id\": \"CVE-2022-23305\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-1999-0862\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-1199\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0972\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1397\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1398\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1399\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1400\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1401\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1402\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1642\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1657\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0901\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2004-0547\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2004-0977\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0227\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0244\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0245\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0246\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0247\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-1409\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-1410\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-0105\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-0553\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-0678\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-2313\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-2314\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-5540\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-5541\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-5542\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-0555\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-0556\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2138\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3278\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3279\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3280\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4769\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4772\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6067\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6600\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6601\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0922\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3229\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3230\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3231\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-4034\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-4136\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-0442\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-0733\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1169\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1170\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1447\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1975\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-3433\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4015\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2483\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0866\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0867\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0868\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-1618\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2143\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2655\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3488\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3489\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0255\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1899\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1900\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1901\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1902\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1903\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0060\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0061\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0062\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0063\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0064\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0065\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0066\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0067\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-2669\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-8161\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0241\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0242\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0243\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0244\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3165\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3166\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3167\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5288\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5289\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0766\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0768\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0773\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-2193\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3065\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5423\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5424\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-7048\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12172\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-14798\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15098\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15099\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7484\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7485\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7486\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7546\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7547\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7548\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-8806\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1052\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1053\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1058\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-10915\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-10925\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1115\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-45105\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-16850\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10127\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10128\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10129\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10130\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10164\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10208\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10209\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10210\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10211\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-9193\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10733\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14349\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14350\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1720\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25694\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25695\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25696\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-20229\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-23214\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-23222\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-32027\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-32028\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-32029\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-3393\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-3677\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43767\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-1552\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2625\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41862\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-2454\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-2455\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-39417\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-39418\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-5868\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-5869\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-5870\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-0985\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-10976\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-10977\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-10978\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-10979\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-4317\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-7348\",\n            \"component_name\": \"postgresql\",\n            \"component_version\": \"42.7.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-context\",\n            \"component_version\": \"5.3.39\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-6153\",\n            \"component_name\": \"commons-httpclient\",\n            \"component_version\": \"3.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37533\",\n            \"component_name\": \"commons-net\",\n            \"component_version\": \"2.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-6420\",\n            \"component_name\": \"commons-collections\",\n            \"component_version\": \"3.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4330\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0002\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0003\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0263\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0264\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5344\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5348\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8749\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12633\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12634\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-3159\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5643\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8027\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0188\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0194\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11971\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11972\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11973\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11994\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5529\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34442\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22369\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22371\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-23114\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-27636\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-29891\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-30177\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-66169\",\n            \"component_name\": \"camel-core\",\n            \"component_version\": \"2.11.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-2175\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11797\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8036\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0228\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-27807\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-27906\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-31811\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-31812\",\n            \"component_name\": \"pdfbox\",\n            \"component_version\": \"2.0.21\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23302\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-1932\",\n            \"component_name\": \"hibernate-validator\",\n            \"component_version\": \"6.2.0.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25647\",\n            \"component_name\": \"gson\",\n            \"component_version\": \"2.8.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37533\",\n            \"component_name\": \"commons-net\",\n            \"component_version\": \"3.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-6420\",\n            \"component_name\": \"commons-collections\",\n            \"component_version\": \"3.2.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48924\",\n            \"component_name\": \"commons-lang\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-29425\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"1.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47554\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"1.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5645\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17571\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9488\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9493\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-4104\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-44228\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-44832\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-45046\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23307\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26464\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-68161\",\n            \"component_name\": \"log4j\",\n            \"component_version\": \"1.2.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2076\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2487\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0803\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2378\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2379\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3451\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5575\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5633\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5786\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0239\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2160\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0034\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0035\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0109\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0110\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3584\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3623\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5253\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6812\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8739\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12624\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-3156\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5653\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5656\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8039\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12406\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12419\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12423\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17573\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13954\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1954\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22696\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30468\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-40690\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-46363\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-46364\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-28752\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-29736\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-32007\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-41172\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-23184\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48795\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48913\",\n            \"component_name\": \"cxf-rt-transports-http\",\n            \"component_version\": \"3.1.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-0254\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4548\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5085\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5797\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0732\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5518\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0038\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0039\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5034\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1777\",\n            \"component_name\": \"geronimo-jta_1.1_spec\",\n            \"component_version\": \"1.1.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15095\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-17485\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7525\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11307\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12022\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12023\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14718\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14719\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14720\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-14721\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19360\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19361\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-19362\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-5968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-7489\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12086\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12384\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12814\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14379\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14439\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14540\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14892\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-14893\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16335\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16942\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16943\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17267\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17531\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20330\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10650\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10672\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10673\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10968\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-10969\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11111\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11112\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11113\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11619\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11620\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14060\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14061\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14062\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-14195\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24616\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-24750\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-25649\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35490\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35491\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-35728\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36179\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36180\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36181\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36182\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36183\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36184\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36185\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36186\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36187\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36188\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36189\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-36518\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8840\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9546\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9547\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9548\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-20190\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-46877\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42003\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42004\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-35116\",\n            \"component_name\": \"jackson-databind\",\n            \"component_version\": \"2.12.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"2.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2076\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2487\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0803\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2378\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2379\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3451\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5575\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5633\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5786\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0239\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2160\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0034\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0035\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0109\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0110\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3584\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3623\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5253\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6812\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8739\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12624\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-3156\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5653\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5656\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8039\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12406\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12419\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12423\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17573\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13954\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1954\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22696\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30468\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-40690\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-46363\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-46364\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-28752\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-29736\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-32007\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-41172\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-23184\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48795\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48913\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.3.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-29425\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47554\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11979\",\n            \"component_name\": \"ant\",\n            \"component_version\": \"1.10.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1945\",\n            \"component_name\": \"ant\",\n            \"component_version\": \"1.10.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-36373\",\n            \"component_name\": \"ant\",\n            \"component_version\": \"1.10.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-36374\",\n            \"component_name\": \"ant\",\n            \"component_version\": \"1.10.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-3772\",\n            \"component_name\": \"spring-integration-core\",\n            \"component_version\": \"5.5.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5413\",\n            \"component_name\": \"spring-integration-core\",\n            \"component_version\": \"5.5.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.17\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.89.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-18640\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-1471\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25857\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38749\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38750\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38751\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38752\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41854\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"2.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-0684\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1244\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1587\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-4905\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5784\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-6092\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-6551\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1879\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1880\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-3060\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3576\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3600\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3612\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-8110\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-1830\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5254\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-6524\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-7559\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0734\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0782\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3088\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6810\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15709\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11775\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8006\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0201\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0222\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11998\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13920\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13947\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1941\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-26217\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21341\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21342\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21343\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21344\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21345\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21346\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21347\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21348\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21349\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21350\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21351\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-26117\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41678\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-46604\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-32114\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-27533\",\n            \"component_name\": \"activemq-client\",\n            \"component_version\": \"5.18.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-8125\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-41411\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-1415\",\n            \"component_name\": \"drools-core\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-8125\",\n            \"component_name\": \"drools-mvel\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-41411\",\n            \"component_name\": \"drools-mvel\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-1415\",\n            \"component_name\": \"drools-mvel\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0213\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3529\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3574\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-9527\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5000\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12626\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5644\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12415\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-26336\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31672\",\n            \"component_name\": \"poi-ooxml\",\n            \"component_version\": \"4.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-23926\",\n            \"component_name\": \"xmlbeans\",\n            \"component_version\": \"3.1.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2098\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11771\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1324\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12402\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-35515\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-35516\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-35517\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-36090\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42503\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-25710\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-26308\",\n            \"component_name\": \"commons-compress\",\n            \"component_version\": \"1.19\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6465\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-8125\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7545\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-20306\",\n            \"component_name\": \"jbpm-flow\",\n            \"component_version\": \"7.71.0.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22569\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-3171\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-3509\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-3510\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-7254\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-10237\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.0.1-android\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8908\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.0.1-android\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-2976\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"31.0.1-android\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0114\",\n            \"component_name\": \"commons-beanutils\",\n            \"component_version\": \"1.9.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10086\",\n            \"component_name\": \"commons-beanutils\",\n            \"component_version\": \"1.9.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48734\",\n            \"component_name\": \"commons-beanutils\",\n            \"component_version\": \"1.9.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0026\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-1833\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6801\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-37895\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-53689\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58782\",\n            \"component_name\": \"jackrabbit-core\",\n            \"component_version\": \"2.19.6\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3271\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4434\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6809\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11761\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11762\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11796\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1335\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1338\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1339\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-17197\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8017\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10088\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10093\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10094\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1950\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1951\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9489\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28657\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-33813\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25169\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-30126\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-30973\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-33879\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-54988\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-66516\",\n            \"component_name\": \"tika-core\",\n            \"component_version\": \"1.22\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4849\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7216\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7217\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-4269\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2232\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-1832\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1313\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-46337\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.14.2.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-3772\",\n            \"component_name\": \"spring-integration-file\",\n            \"component_version\": \"6.4.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5413\",\n            \"component_name\": \"spring-integration-file\",\n            \"component_version\": \"6.4.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3253\",\n            \"component_name\": \"groovy-all\",\n            \"component_version\": \"2.1.9\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6814\",\n            \"component_name\": \"groovy-all\",\n            \"component_version\": \"2.1.9\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-17521\",\n            \"component_name\": \"groovy-all\",\n            \"component_version\": \"2.1.9\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"jetty-util\",\n            \"component_version\": \"9.4.12.v20180830\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7860\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7861\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-8359\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-9431\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-7768\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-1428\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-32731\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-32732\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-33953\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-4785\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-11407\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-7246\",\n            \"component_name\": \"grpc-api\",\n            \"component_version\": \"1.47.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22569\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.6\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-3171\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.6\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-3509\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.6\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-3510\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.6\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-7254\",\n            \"component_name\": \"protobuf-java\",\n            \"component_version\": \"3.19.6\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25647\",\n            \"component_name\": \"gson\",\n            \"component_version\": \"2.9.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"annotations-api\",\n            \"component_version\": \"6.0.53\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"websocket-client\",\n            \"component_version\": \"9.4.7.RC0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-8046\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1196\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-26987\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-27772\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20873\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20883\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-22602\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34055\",\n            \"component_name\": \"spring-boot-starter-websocket\",\n            \"component_version\": \"2.7.5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5645\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17571\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9488\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9493\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-4104\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-44228\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 10,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-44832\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-45046\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-45105\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23302\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23305\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23307\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26464\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-68161\",\n            \"component_name\": \"log4j-to-slf4j\",\n            \"component_version\": \"2.17.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"tomcat-embed-core\",\n            \"component_version\": \"9.0.68\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-messaging\",\n            \"component_version\": \"5.3.23\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4152\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6429\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-7315\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0054\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3625\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0201\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-3192\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1000027\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9878\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11039\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11040\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1257\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1258\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1270\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1271\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1272\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1275\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15756\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-15801\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5397\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5398\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5421\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22060\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22096\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22118\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22950\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22965\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22968\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22970\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22971\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20860\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20861\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20863\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34053\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22233\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22259\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38808\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38820\",\n            \"component_name\": \"spring-expression\",\n            \"component_version\": \"5.3.16\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"jetty-websocket\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"jetty-io\",\n            \"component_version\": \"8.1.0.RC5\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"servlet-api\",\n            \"component_version\": \"3.0.20100224\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-29425\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47554\",\n            \"component_name\": \"commons-io\",\n            \"component_version\": \"2.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-18640\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-1471\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25857\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38749\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38750\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38751\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38752\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41854\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.27\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-common\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-resolver-dns\",\n            \"component_version\": \"4.1.94.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3720\",\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-7051\",\n            \"component_name\": \"jackson-dataformat-xml\",\n            \"component_version\": \"2.13.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"jstl\",\n            \"component_version\": \"1.1.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2894\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9879\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-4995\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1199\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-11272\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-3795\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-5408\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22112\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22119\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22976\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-22978\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-31690\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-31692\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20862\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34034\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34035\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34042\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22234\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38810\",\n            \"component_name\": \"spring-security-config\",\n            \"component_version\": \"5.6.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-18640\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-1471\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25857\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38749\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38750\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38751\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38752\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41854\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.31\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2076\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2487\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0803\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2378\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2379\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3451\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5575\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5633\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5786\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0239\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2160\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0034\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0035\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0109\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0110\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3584\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3623\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5253\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6812\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8739\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12624\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-3156\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5653\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5656\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8039\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12406\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12419\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12423\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17573\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13954\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1954\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-22696\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30468\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-40690\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-46363\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-46364\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-28752\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-29736\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-32007\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-41172\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-23184\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48795\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48913\",\n            \"component_name\": \"cxf-rt-frontend-jaxrs\",\n            \"component_version\": \"3.4.4\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3577\",\n            \"component_name\": \"httpasyncclient\",\n            \"component_version\": \"4.1.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-10237\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8908\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-2976\",\n            \"component_name\": \"guava\",\n            \"component_version\": \"22.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5005\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5006\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-3083\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3620\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2145\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3467\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4446\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4458\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4459\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4460\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-1909\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3629\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0203\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0223\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0224\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0223\",\n            \"component_name\": \"qpid-broker-plugins-amqp-msg-conv-0-8-to-0-10\",\n            \"component_version\": \"7.0.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4849\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7216\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7217\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-4269\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2232\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-1832\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1313\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-46337\",\n            \"component_name\": \"derby\",\n            \"component_version\": \"10.13.1.1\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5045\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-5046\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2080\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4800\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7656\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7657\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7658\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-9735\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12536\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12538\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-12545\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10241\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10246\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10247\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17632\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17638\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27216\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27218\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-27223\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28163\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28164\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28165\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-28169\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34428\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-34429\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2047\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2048\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-2191\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26048\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-26049\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 2.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36478\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-36479\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-40167\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41900\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-13009\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-22201\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6762\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-6763\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-8184\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-9823\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-1948\",\n            \"component_name\": \"jetty-server\",\n            \"component_version\": \"9.4.3.v20170317\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0193\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3488\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-2156\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-4970\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-16869\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20444\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-20445\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11612\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-7238\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21290\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21295\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-21409\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37136\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-37137\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43797\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-24823\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41881\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41915\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34462\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-29025\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-47535\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24970\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-25193\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55163\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58056\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-58057\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-67735\",\n            \"component_name\": \"netty-buffer\",\n            \"component_version\": \"4.1.86.Final\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": false,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2487\",\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"component_version\": \"2.3.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-3623\",\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"component_version\": \"2.3.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0226\",\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"component_version\": \"2.3.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-0227\",\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"component_version\": \"2.3.2\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13936\",\n            \"component_name\": \"wss4j-ws-security-dom\",\n            \"component_version\": \"2.3.2\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-18640\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-1471\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25857\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38749\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38750\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38751\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-38752\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-41854\",\n            \"component_name\": \"snakeyaml\",\n            \"component_version\": \"1.30\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-8046\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1196\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-26987\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-27772\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20873\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-20883\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-22602\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34055\",\n            \"component_name\": \"spring-boot-starter-log4j\",\n            \"component_version\": \"1.3.8.RELEASE\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"8.5.20\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0672\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0759\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-0760\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2000-1210\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0590\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0829\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-0917\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2001-1563\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0682\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-0936\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1148\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1394\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1567\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-1895\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2006\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2007\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2008\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2009\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2002-2272\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0042\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0043\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0044\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0045\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2003-0866\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-0808\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-2090\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3164\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-3510\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4703\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4836\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2005-4838\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-3835\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7195\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7196\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2006-7197\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-0450\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1355\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1358\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-1858\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2449\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-2450\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3382\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3383\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3384\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3385\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-3386\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-4724\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5333\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5342\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-5461\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2007-6286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0002\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-0128\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1232\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-1947\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2370\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-2938\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-3271\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-4308\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5515\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2008-5519\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0033\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0580\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0781\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-0783\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2693\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2696\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2901\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-2902\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2009-3548\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-1157\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-2227\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-3718\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4172\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2010-4312\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0013\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-0534\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1088\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1183\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1184\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1419\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1475\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-1582\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2204\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2481\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2526\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-2729\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3190\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3375\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-3376\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-4858\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5062\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5063\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2011-5064\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-0022\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-2733\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3544\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-3546\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4431\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-4534\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5568\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5885\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5886\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2012-5887\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-0346\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2067\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2071\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-2185\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4322\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4444\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-4590\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2013-6357\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0033\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0050\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0075\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0095\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0096\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0099\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0119\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0227\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-0230\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2014-7810\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5174\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5345\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5346\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2015-5351\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0706\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0714\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0762\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-0763\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-1240\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-3092\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5018\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5388\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-5425\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6325\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6794\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6796\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6797\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6816\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-6817\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8735\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8745\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-8747\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9774\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2016-9775\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12615\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12616\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-12617\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-15706\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5647\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5648\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5650\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5651\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-5664\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7674\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2017-7675\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-11784\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1304\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1305\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-1336\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8014\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8034\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2018-8037\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0199\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0221\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-0232\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-10072\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-12418\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17563\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-17569\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2019-2684\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-11996\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13934\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-13943\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-17527\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1935\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-1938\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-8022\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2020-9484\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-24122\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25122\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-25329\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30639\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-30640\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-33037\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-41079\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-42340\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2021-43980\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-23181\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-25762\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-29885\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-34305\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-42252\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2022-45143\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28708\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-28709\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-34981\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-41080\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42794\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-42795\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-44487\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-45648\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2023-46589\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-21733\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-23672\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-24549\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-34750\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-38286\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-50379\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52316\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52317\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-52318\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-54677\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2024-56337\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-24813\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": true,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31650\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-31651\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-46701\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48988\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-48989\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49124\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-49125\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52434\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-52520\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-53506\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55668\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55752\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-55754\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        },\n        {\n            \"cve_id\": \"CVE-2025-61795\",\n            \"component_name\": \"tomcat-dbcp\",\n            \"component_version\": \"9.0.85\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": false,\n            \"created_at\": \"2026-01-21T13:59:57.306Z\"\n        }\n    ]\n}"}],"_postman_id":"c6c86a79-e91f-4063-ba38-2b629df261ce"}],"id":"2899e122-356d-4bc7-ac74-8b895d6e86a2","_postman_id":"2899e122-356d-4bc7-ac74-8b895d6e86a2","description":""}],"id":"a27ad771-869c-443e-993d-46ec5847aa58","_postman_id":"a27ad771-869c-443e-993d-46ec5847aa58","description":""},{"name":"Simply Connect","item":[{"name":"hbom_scan_reports Report Sum","id":"fca8cf2a-cf86-44bb-9c2e-8548155e7599","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/dashboard-reports","urlObject":{"port":"2999","path":["hbom","simply","seclabui","dashboard-reports"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"8ba79e95-b84f-4c5c-bd81-74aa7aebeea0","name":"Dashboard","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/dashboard-reports"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"309"},{"key":"ETag","value":"W/\"135-WS3os9G5bZo4oFOtbCjwGuSPSes\""},{"key":"Date","value":"Wed, 17 Dec 2025 13:03:42 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"id\": \"1\",\n            \"scan_date\": \"2025-12-15T10:41:11.417Z\",\n            \"device_name\": \"XMBX4\",\n            \"device_version\": \"5.9.2\",\n            \"firmware_version\": null,\n            \"components_scanned\": 93,\n            \"components_with_cves\": 6,\n            \"total_vulnerabilities\": 130,\n            \"critical_count\": 15,\n            \"high_count\": 36,\n            \"medium_count\": 78,\n            \"low_count\": 1,\n            \"unknown_count\": 0\n        }\n    ]\n}"}],"_postman_id":"fca8cf2a-cf86-44bb-9c2e-8548155e7599"},{"name":"Global Vulnerabilities","id":"a88ff718-f6da-4634-8f5b-55090861b1d9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/total-vulnerabilities","urlObject":{"port":"2999","path":["hbom","simply","seclabui","total-vulnerabilities"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"c17ab44f-2fb9-4119-a549-b387acd13a53","name":"Global Vulnerabilities","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/total-vulnerabilities"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"55"},{"key":"ETag","value":"W/\"37-ws0tpZhYWS754wEaseMzud2Edpc\""},{"key":"Date","value":"Wed, 17 Dec 2025 13:03:55 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"total_vulnerabilities\": 130\n        }\n    ]\n}"}],"_postman_id":"a88ff718-f6da-4634-8f5b-55090861b1d9"},{"name":"Vulnerabilities by severity","id":"594cf8a1-1ba0-4433-90be-17af37e322f6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/vulnerabilities-by-severity","urlObject":{"port":"2999","path":["hbom","simply","seclabui","vulnerabilities-by-severity"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"7647a8a6-6a64-4d01-80fd-d751d6f7201f","name":"Global Vulnerabilities Copy","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/vulnerabilities-by-severity"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"113"},{"key":"ETag","value":"W/\"71-3pGthD38LcQN9N8FGoXQc/fltfw\""},{"key":"Date","value":"Wed, 17 Dec 2025 13:04:02 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"critical_count\": 15,\n            \"high_count\": 36,\n            \"medium_count\": 78,\n            \"low_count\": 1,\n            \"unknown_count\": 0\n        }\n    ]\n}"}],"_postman_id":"594cf8a1-1ba0-4433-90be-17af37e322f6"},{"name":"Components Scanned","id":"9247e7de-abba-44e5-94a0-d200da0a62b4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/components-scanned","urlObject":{"port":"2999","path":["hbom","simply","seclabui","components-scanned"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"797a9d9d-3e0f-4ff9-92d8-43133133fb24","name":"Global Vulnerabilities Copy 2","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/components-scanned"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"51"},{"key":"ETag","value":"W/\"33-oPdEkHzFTS9mYlX9kqiq36o9t98\""},{"key":"Date","value":"Wed, 17 Dec 2025 13:04:10 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"components_scanned\": 93\n        }\n    ]\n}"}],"_postman_id":"9247e7de-abba-44e5-94a0-d200da0a62b4"},{"name":"Scan History","id":"5e51f1d5-f7c3-4ca5-913d-755c78219b2b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/scan-history","urlObject":{"port":"2999","path":["hbom","simply","seclabui","scan-history"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"dc5075fb-4d39-441d-a375-c38ff370383b","name":"Global Vulnerabilities Copy 3","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/scan-history"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"233839"},{"key":"ETag","value":"W/\"3916f-Fcj8cOMHOfpMn2pk5vjPPr4mxWs\""},{"key":"Date","value":"Wed, 17 Dec 2025 13:04:18 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"id\": \"1\",\n            \"scan_date\": \"2025-12-15T10:41:11.417Z\",\n            \"device_name\": \"XMBX4\",\n            \"device_version\": \"5.9.2\",\n            \"firmware_version\": null,\n            \"hbom_file_path\": \".//services//products-hbom-builder//simply-connect//output//xmbx4-bom.json\",\n            \"source\": \"seclab-internal\",\n            \"enrichment_mode\": \"complete\",\n            \"total_vulnerabilities\": 130,\n            \"critical_count\": 15,\n            \"high_count\": 36,\n            \"medium_count\": 78,\n            \"low_count\": 1,\n            \"unknown_count\": 0,\n            \"components_scanned\": 93,\n            \"components_with_cves\": 6,\n            \"scan_duration_seconds\": 130,\n            \"report_json\": {\n                \"device\": \"XMBX4\",\n                \"source\": \"seclab-internal\",\n                \"sbom_file\": \".//services//products-hbom-builder//simply-connect//output//xmbx4-bom.json\",\n                \"scan_date\": \"2025-12-15T10:41:11.417Z\",\n                \"enrichment\": \"complete\",\n                \"device_version\": \"5.9.2\",\n                \"severity_counts\": {\n                    \"LOW\": 1,\n                    \"HIGH\": 36,\n                    \"MEDIUM\": 78,\n                    \"UNKNOWN\": 0,\n                    \"CRITICAL\": 15\n                },\n                \"vulnerabilities\": [\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2018-18558\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 6.4,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00036,\n                                \"percentile\": 0.09916\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-10278\",\n                                \"epss\": \"0.0400\",\n                                \"aliases\": [\n                                    \"CVE-2018-18558\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.4\",\n                                \"references\": [\n                                    \"https://github.com/espressif/esp-idf/releases\",\n                                    \"https://www.espressif.com/en/news/Espressif_Product_Security_Advisory_Concerning_Secure_Boot_(CVE-2018-18558)\",\n                                    \"https://www.espressif.com/en/news/Espressif_Product_Security_Advisory_Concerning_Secure_Boot_%28CVE-2018-18558%29\"\n                                ],\n                                \"description\": \"An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory.\",\n                                \"datePublished\": \"2019-05-13T10:49:59.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"ac2ab94d-1beb-30e9-88e3-11d2ff35b190\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2019-12586\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.03703,\n                                \"percentile\": 0.87457\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-4180\",\n                                \"epss\": \"3.7000\",\n                                \"aliases\": [\n                                    \"CVE-2019-12586\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://github.com/espressif\",\n                                    \"https://github.com/Matheus-Garbelini/esp32_esp8266_attacks\",\n                                    \"https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/\"\n                                ],\n                                \"description\": \"The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.\",\n                                \"datePublished\": \"2019-09-04T18:00:45.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"3060605f-e34e-317f-b354-de842eb2fe43\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2019-12587\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 8.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00102,\n                                \"percentile\": 0.28597\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-4181\",\n                                \"epss\": \"0.1000\",\n                                \"aliases\": [\n                                    \"CVE-2019-12587\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"8.1\",\n                                \"references\": [\n                                    \"https://github.com/espressif\",\n                                    \"https://github.com/Matheus-Garbelini/esp32_esp8266_attacks\",\n                                    \"https://matheus-garbelini.github.io/home/post/zero-pmk-installation/\"\n                                ],\n                                \"description\": \"The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.\",\n                                \"datePublished\": \"2019-09-04T09:31:48.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"3e107ffb-d09a-3aaf-a49a-d9c3812748d4\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2019-15894\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 6.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00053,\n                                \"percentile\": 0.16341\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-6805\",\n                                \"epss\": \"0.0500\",\n                                \"aliases\": [\n                                    \"CVE-2019-15894\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.8\",\n                                \"references\": [\n                                    \"https://www.espressif.com/en/news/Espressif_Security_Advisory_Concerning_Fault_Injection_and_Secure_Boot\"\n                                ],\n                                \"description\": \"An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. If the ESP32 is configured without Flash Encryption then successful fault injection allows arbitrary code execution. To protect devices with Flash Encryption and Secure Boot enabled against this attack, a firmware change must be made to permanently enable Flash Encryption in the field if it is not already permanently enabled.\",\n                                \"datePublished\": \"2019-10-07T13:54:40.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"40bcad43-ba6f-3144-949a-52b545cb2240\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. If the ESP32 is configured without Flash Encryption then successful fault injection allows arbitrary code execution. To protect devices with Flash Encryption and Secure Boot enabled against this attack, a firmware change must be made to permanently enable Flash Encryption in the field if it is not already permanently enabled.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2020-12638\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 6.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0004,\n                                \"percentile\": 0.11773\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-4939\",\n                                \"epss\": \"0.0400\",\n                                \"aliases\": [\n                                    \"CVE-2020-12638\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.8\",\n                                \"references\": [\n                                    \"https://github.com/espressif/esp-idf\",\n                                    \"https://github.com/espressif/ESP8266_NONOS_SDK\",\n                                    \"https://github.com/espressif/ESP8266_RTOS_SDK\",\n                                    \"https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors\"\n                                ],\n                                \"description\": \"An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption.\",\n                                \"datePublished\": \"2020-07-23T13:41:58.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"27893efa-b742-34f1-a1a6-c90f21360268\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2020-13594\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00152,\n                                \"percentile\": 0.36411\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-5841\",\n                                \"epss\": \"0.1500\",\n                                \"aliases\": [\n                                    \"CVE-2020-13594\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://asset-group.github.io/disclosures/sweyntooth/\",\n                                    \"https://asset-group.github.io/cves.html\",\n                                    \"https://github.com/espressif/esp32-bt-lib\"\n                                ],\n                                \"description\": \"The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.\",\n                                \"datePublished\": \"2020-08-31T12:58:25.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"aa192897-2861-3963-a7b5-a8c60d8978eb\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2020-13595\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00237,\n                                \"percentile\": 0.4671\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-5842\",\n                                \"epss\": \"0.2400\",\n                                \"aliases\": [\n                                    \"CVE-2020-13595\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://asset-group.github.io/disclosures/sweyntooth/\",\n                                    \"https://asset-group.github.io/cves.html\",\n                                    \"https://github.com/espressif/esp32-bt-lib\"\n                                ],\n                                \"description\": \"The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.\",\n                                \"datePublished\": \"2020-08-31T12:59:57.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"d8503e46-6870-3e3a-be81-153e2c923489\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2020-16146\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00354,\n                                \"percentile\": 0.57059\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-8112\",\n                                \"epss\": \"0.3500\",\n                                \"aliases\": [\n                                    \"CVE-2020-16146\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://github.com/espressif/esp-idf\",\n                                    \"https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/CVE-2020-16146.md\"\n                                ],\n                                \"description\": \"Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow.\",\n                                \"datePublished\": \"2021-01-12T01:56:11.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"2baf8e9c-d431-3f5c-bac4-36eaecbdc300\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2021-28135\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00234,\n                                \"percentile\": 0.46147\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-14834\",\n                                \"epss\": \"0.2300\",\n                                \"aliases\": [\n                                    \"CVE-2021-28135\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://github.com/espressif/esp-idf\",\n                                    \"https://github.com/espressif/esp32-bt-lib\",\n                                    \"https://www.espressif.com/en/products/socs/esp32\",\n                                    \"https://dl.packetstormsecurity.net/papers/general/braktooth.pdf\"\n                                ],\n                                \"description\": \"The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.\",\n                                \"datePublished\": \"2021-09-07T03:56:29.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"e0c31709-e1f0-3800-b028-683cd7f9caaf\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2021-28136\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00286,\n                                \"percentile\": 0.51647\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-14835\",\n                                \"epss\": \"0.2900\",\n                                \"aliases\": [\n                                    \"CVE-2021-28136\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://github.com/espressif/esp-idf\",\n                                    \"https://github.com/espressif/esp32-bt-lib\",\n                                    \"https://www.espressif.com/en/products/socs/esp32\",\n                                    \"https://dl.packetstormsecurity.net/papers/general/braktooth.pdf\"\n                                ],\n                                \"description\": \"The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.\",\n                                \"datePublished\": \"2021-09-07T03:52:46.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"88a92b7a-7209-3e1e-ac17-e96beded9140\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2021-28139\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 8.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00464,\n                                \"percentile\": 0.6347\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-14838\",\n                                \"epss\": \"0.4600\",\n                                \"aliases\": [\n                                    \"CVE-2021-28139\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"8.8\",\n                                \"references\": [\n                                    \"https://github.com/espressif/esp-idf\",\n                                    \"https://github.com/espressif/esp32-bt-lib\",\n                                    \"https://www.espressif.com/en/products/socs/esp32\",\n                                    \"https://dl.packetstormsecurity.net/papers/general/braktooth.pdf\"\n                                ],\n                                \"description\": \"The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.\",\n                                \"datePublished\": \"2021-09-07T04:27:53.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"ecd8d360-2bce-34ba-8549-81c3db3bc1de\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2022-24893\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00109,\n                                \"percentile\": 0.29742\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2022-29659\",\n                                \"epss\": \"0.1100\",\n                                \"aliases\": [\n                                    \"CVE-2022-24893\"\n                                ],\n                                \"assigner\": \"GitHub_M\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm\"\n                                ],\n                                \"description\": \"ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.\",\n                                \"datePublished\": \"2022-06-25T04:55:09.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"02a3ed59-b312-3a1d-a3b2-ee48cbb02d08\",\n                                        \"product\": {\n                                            \"name\": \"esp-idf\"\n                                        },\n                                        \"product_version\": \"> 4.4.1,  < 4.4.2\"\n                                    },\n                                    {\n                                        \"id\": \"1ac07c78-ba68-3c3a-af0f-3e342f2e76e2\",\n                                        \"product\": {\n                                            \"name\": \"esp-idf\"\n                                        },\n                                        \"product_version\": \"> 4.2.0, < 4.2.4\"\n                                    },\n                                    {\n                                        \"id\": \"a44b1ce9-8cdc-3846-b616-aaf7b04bba1c\",\n                                        \"product\": {\n                                            \"name\": \"esp-idf\"\n                                        },\n                                        \"product_version\": \"< 4.1.4\"\n                                    },\n                                    {\n                                        \"id\": \"c6206677-2bf3-31df-af82-d327ea80d83d\",\n                                        \"product\": {\n                                            \"name\": \"esp-idf\"\n                                        },\n                                        \"product_version\": \"> 4.3.2, < 4.3.3\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2024-28183\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 6.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00041,\n                                \"percentile\": 0.11999\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2024-25308\",\n                                \"epss\": \"0.0400\",\n                                \"aliases\": [\n                                    \"CVE-2024-28183\"\n                                ],\n                                \"assigner\": \"GitHub_M\",\n                                \"baseScore\": \"6.1\",\n                                \"references\": [\n                                    \"https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8\",\n                                    \"https://github.com/espressif/esp-idf/commit/3305cb4d235182067936f8e940e6db174e25b4b2\",\n                                    \"https://github.com/espressif/esp-idf/commit/4c95aa445d4e84f01f86b6f3a552aa299276abf3\",\n                                    \"https://github.com/espressif/esp-idf/commit/534e3ad1fa68526a5f989fb2163856d6b7cd2c87\",\n                                    \"https://github.com/espressif/esp-idf/commit/7003f1ef0dffc73c34eb153d1b0710babb078149\",\n                                    \"https://github.com/espressif/esp-idf/commit/b2cdc0678965790f49afeb6e6b0737cd24433a05\",\n                                    \"https://github.com/espressif/esp-idf/commit/c33b9e1426121ce8cccf1a94241740be9cff68de\",\n                                    \"https://github.com/espressif/esp-idf/commit/f327ddf6adab0c28d395975785727b2feef57803\"\n                                ],\n                                \"description\": \"ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1.\",\n                                \"datePublished\": \"2024-03-25T13:31:28.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"00198665-e8b5-3687-a9d3-4748f4be7178\",\n                                        \"product\": {\n                                            \"name\": \"esp-idf\"\n                                        },\n                                        \"product_version\": \"< 4.4.7\"\n                                    },\n                                    {\n                                        \"id\": \"6c2ed16f-97a3-3c8c-a09c-7ec93a9a04e6\",\n                                        \"product\": {\n                                            \"name\": \"esp-idf\"\n                                        },\n                                        \"product_version\": \"5.0, ≤ 5.0.6\"\n                                    },\n                                    {\n                                        \"id\": \"99e9c95b-46e6-3a7d-b422-7ae1ff4a48b2\",\n                                        \"product\": {\n                                            \"name\": \"esp-idf\"\n                                        },\n                                        \"product_version\": \"5.1, ≤ 5.1.3\"\n                                    },\n                                    {\n                                        \"id\": \"b8455567-fb15-3410-ac84-5141bf66c252\",\n                                        \"product\": {\n                                            \"name\": \"esp-idf\"\n                                        }\n                                    },\n                                    {\n                                        \"id\": \"d9d8652d-5a3d-3837-bb8f-4e2349f7d3a0\",\n                                        \"product\": {\n                                            \"name\": \"esp-idf\"\n                                        },\n                                        \"product_version\": \"5.2, < 5.2.1\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2024-33453\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 8.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0477,\n                                \"percentile\": 0.88978\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2024-33454\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01265,\n                                \"percentile\": 0.7882\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2024-31192\",\n                                \"epss\": \"1.2600\",\n                                \"aliases\": [\n                                    \"CVE-2024-33454\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://gist.github.com/Zakary-D/30f565c4266c02c62aa9089c363e78e9\"\n                                ],\n                                \"description\": \"Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component.\",\n                                \"datePublished\": \"2024-05-09T13:57:23.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"b7f400f8-f5fe-3cf5-acb0-9b089d358bb7\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n                        \"cve_id\": \"CVE-2024-53406\",\n                        \"version\": \"5.4\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"esp-idf\",\n                        \"cvss_score\": 8.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00096,\n                                \"percentile\": 0.27248\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2024-54052\",\n                                \"epss\": \"0.1000\",\n                                \"aliases\": [\n                                    \"CVE-2024-53406\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"8.8\",\n                                \"references\": [\n                                    \"https://github.com/espressif/esp-idf\",\n                                    \"https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/Esp/sk_reuse.md\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2024-53406\"\n                                ],\n                                \"description\": \"Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks.\",\n                                \"datePublished\": \"2025-03-12T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"1b84b411-21c2-3111-af2b-c800afe70aa5\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/newlib@4.1.0\",\n                        \"cve_id\": \"CVE-2019-14871\",\n                        \"version\": \"4.1.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"newlib\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00465,\n                                \"percentile\": 0.63529\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-5986\",\n                                \"epss\": \"0.4600\",\n                                \"aliases\": [\n                                    \"CVE-2019-14871\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-14871.html\",\n                                    \"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\"\n                                ],\n                                \"description\": \"The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).\",\n                                \"datePublished\": \"2020-03-18T14:43:25.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"086c8b26-9547-3acb-b501-e66f891c9a67\",\n                                        \"product\": {\n                                            \"name\": \"newlib\"\n                                        },\n                                        \"product_version\": \"all newlib versions prior to 3.3.0\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/newlib@4.1.0\",\n                        \"cve_id\": \"CVE-2019-14872\",\n                        \"version\": \"4.1.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"newlib\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00414,\n                                \"percentile\": 0.60874\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-5987\",\n                                \"epss\": \"0.4100\",\n                                \"aliases\": [\n                                    \"CVE-2019-14872\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-14872.html\",\n                                    \"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\"\n                                ],\n                                \"description\": \"The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.\",\n                                \"datePublished\": \"2020-03-19T11:35:41.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"7ab644ab-1a91-3b0d-9763-ae7da99bf875\",\n                                        \"product\": {\n                                            \"name\": \"newlib\"\n                                        },\n                                        \"product_version\": \"all newlib versions prior to 3.3.0\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/newlib@4.1.0\",\n                        \"cve_id\": \"CVE-2019-14873\",\n                        \"version\": \"4.1.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"newlib\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00401,\n                                \"percentile\": 0.5999\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-5988\",\n                                \"epss\": \"0.4000\",\n                                \"aliases\": [\n                                    \"CVE-2019-14873\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-14873.html\",\n                                    \"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\"\n                                ],\n                                \"description\": \"In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.\",\n                                \"datePublished\": \"2020-03-19T14:04:12.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"44c5ab5a-40a5-3430-b39b-8651a99ddc53\",\n                                        \"product\": {\n                                            \"name\": \"newlib\"\n                                        },\n                                        \"product_version\": \"all newlib versions prior to 3.3.0\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/newlib@4.1.0\",\n                        \"cve_id\": \"CVE-2019-14874\",\n                        \"version\": \"4.1.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"newlib\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00401,\n                                \"percentile\": 0.5999\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-5989\",\n                                \"epss\": \"0.4000\",\n                                \"aliases\": [\n                                    \"CVE-2019-14874\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-14874.html\",\n                                    \"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\"\n                                ],\n                                \"description\": \"In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.\",\n                                \"datePublished\": \"2020-03-19T14:07:52.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"304e57a4-6433-3ff8-a400-bf150db1ef71\",\n                                        \"product\": {\n                                            \"name\": \"newlib\"\n                                        },\n                                        \"product_version\": \"all newlib versions prior to 3.3.0\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/newlib@4.1.0\",\n                        \"cve_id\": \"CVE-2019-14875\",\n                        \"version\": \"4.1.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"newlib\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00401,\n                                \"percentile\": 0.5999\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-5990\",\n                                \"epss\": \"0.4000\",\n                                \"aliases\": [\n                                    \"CVE-2019-14875\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-14875.html\",\n                                    \"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\"\n                                ],\n                                \"description\": \"In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.\",\n                                \"datePublished\": \"2020-03-19T14:08:12.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"eb96f672-240a-36c9-b350-81dbd33c8aac\",\n                                        \"product\": {\n                                            \"name\": \"newlib\"\n                                        },\n                                        \"product_version\": \"all newlib versions prior to 3.3.0\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/newlib@4.1.0\",\n                        \"cve_id\": \"CVE-2019-14876\",\n                        \"version\": \"4.1.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"newlib\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00309,\n                                \"percentile\": 0.53554\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-5991\",\n                                \"epss\": \"0.3100\",\n                                \"aliases\": [\n                                    \"CVE-2019-14876\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-14876.html\",\n                                    \"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\"\n                                ],\n                                \"description\": \"In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.\",\n                                \"datePublished\": \"2020-03-19T14:08:25.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"31efcaf8-f8e7-3370-a5ab-973c9c71abe3\",\n                                        \"product\": {\n                                            \"name\": \"newlib\"\n                                        },\n                                        \"product_version\": \"all newlib versions prior to 3.3.0\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/newlib@4.1.0\",\n                        \"cve_id\": \"CVE-2019-14877\",\n                        \"version\": \"4.1.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"newlib\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00309,\n                                \"percentile\": 0.53554\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-5992\",\n                                \"epss\": \"0.3100\",\n                                \"aliases\": [\n                                    \"CVE-2019-14877\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-14877.html\",\n                                    \"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\"\n                                ],\n                                \"description\": \"In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.\",\n                                \"datePublished\": \"2020-03-19T14:04:15.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"41d40b4c-5550-39bd-b88c-391b2285931c\",\n                                        \"product\": {\n                                            \"name\": \"newlib\"\n                                        },\n                                        \"product_version\": \"all newlib versions prior to 3.3.0\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/newlib@4.1.0\",\n                        \"cve_id\": \"CVE-2019-14878\",\n                        \"version\": \"4.1.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"newlib\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00309,\n                                \"percentile\": 0.53554\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-5993\",\n                                \"epss\": \"0.3100\",\n                                \"aliases\": [\n                                    \"CVE-2019-14878\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-14878.html\",\n                                    \"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\"\n                                ],\n                                \"description\": \"In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.\",\n                                \"datePublished\": \"2020-03-19T14:04:19.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"35237f27-f98b-3c5c-bef9-c1f95127f59c\",\n                                        \"product\": {\n                                            \"name\": \"newlib\"\n                                        },\n                                        \"product_version\": \"all newlib versions prior to 3.3.0\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/newlib@4.1.0\",\n                        \"cve_id\": \"CVE-2021-3420\",\n                        \"version\": \"4.1.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"newlib\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00228,\n                                \"percentile\": 0.45443\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-26748\",\n                                \"epss\": \"0.2300\",\n                                \"aliases\": [\n                                    \"CVE-2021-3420\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"9.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2021-3420.html\",\n                                    \"https://security.archlinux.org/CVE-2021-3420\",\n                                    \"https://bugzilla.redhat.com/show_bug.cgi?id=1934088\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEBF6YHWFNCBW5A2ENSQ3Z56ELF4MTRE/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQZEUANAWBBAOC4TF5PTPJVLMUR7SFD/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AMK54N6UOPBFFX2YT32TWSAEFTHGSKAA/\"\n                                ],\n                                \"description\": \"A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.\",\n                                \"datePublished\": \"2021-03-05T18:19:28.000Z\",\n                                \"enisaidproduct\": [],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/newlib@4.1.0\",\n                        \"cve_id\": \"CVE-2024-30949\",\n                        \"version\": \"4.1.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"newlib\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00511,\n                                \"percentile\": 0.65567\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:lwip_project:lwip:2.1.3:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/lwip@2.1.3\",\n                        \"cve_id\": \"CVE-2014-4883\",\n                        \"version\": \"2.1.3\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"lwip\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00114,\n                                \"percentile\": 0.30648\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2014-4802\",\n                                \"epss\": \"0.1100\",\n                                \"aliases\": [\n                                    \"CVE-2014-4883\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"4.3\",\n                                \"references\": [\n                                    \"http://www.kb.cert.org/vuls/id/210620\",\n                                    \"http://git.savannah.gnu.org/cgit/lwip.git/commit/?id=9fb46e120655ac481b2af8f865d5ae56c39b831a\"\n                                ],\n                                \"description\": \"resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.\",\n                                \"datePublished\": \"2014-11-28T01:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"e3c74de7-ae9a-38ac-aa71-197eea4e53b8\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:lwip_project:lwip:2.1.3:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/lwip@2.1.3\",\n                        \"cve_id\": \"CVE-2020-22283\",\n                        \"version\": \"2.1.3\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"lwip\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00251,\n                                \"percentile\": 0.48282\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-15048\",\n                                \"epss\": \"0.2500\",\n                                \"aliases\": [\n                                    \"CVE-2020-22283\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://savannah.nongnu.org/bugs/index.php?58553\",\n                                    \"https://lists.debian.org/debian-lts-announce/2023/11/msg00011.html\"\n                                ],\n                                \"description\": \"A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.\",\n                                \"datePublished\": \"2021-07-21T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"d17e9bb1-2363-3177-8ae0-2b4504b68219\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:lwip_project:lwip:2.1.3:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/lwip@2.1.3\",\n                        \"cve_id\": \"CVE-2020-22284\",\n                        \"version\": \"2.1.3\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"lwip\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00314,\n                                \"percentile\": 0.53991\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-15049\",\n                                \"epss\": \"0.3100\",\n                                \"aliases\": [\n                                    \"CVE-2020-22284\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://savannah.nongnu.org/bugs/index.php?58554\"\n                                ],\n                                \"description\": \"A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet.\",\n                                \"datePublished\": \"2021-07-22T17:38:09.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"0e59fca9-0559-3166-bc3d-4f76355b7861\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2014-3686\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.04674,\n                                \"percentile\": 0.88845\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2014-3632\",\n                                \"epss\": \"4.5100\",\n                                \"aliases\": [\n                                    \"CVE-2014-3686\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"6.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2014-3686.html\",\n                                    \"https://www.debian.org/security/2014/dsa-3052\",\n                                    \"https://access.redhat.com/errata/RHSA-2014:1956\",\n                                    \"https://ubuntu.com/security/CVE-2014-3686\",\n                                    \"https://advisories.mageia.org/CVE-2014-3686.html\",\n                                    \"https://linux.oracle.com/cve/CVE-2014-3686.html\",\n                                    \"http://secunia.com/advisories/60366\",\n                                    \"http://www.debian.org/security/2014/dsa-3052\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2014-10/msg00028.html\",\n                                    \"http://secunia.com/advisories/60428\",\n                                    \"http://w1.fi/security/2014-1/\",\n                                    \"http://advisories.mageia.org/MGASA-2014-0429.html\",\n                                    \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:120\",\n                                    \"http://www.openwall.com/lists/oss-security/2014/10/09/28\",\n                                    \"http://rhn.redhat.com/errata/RHSA-2014-1956.html\",\n                                    \"http://secunia.com/advisories/61271\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2014-10/msg00027.html\",\n                                    \"https://security.gentoo.org/glsa/201606-17\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00000.html\",\n                                    \"https://bugzilla.redhat.com/show_bug.cgi?id=1151259\",\n                                    \"http://www.ubuntu.com/usn/USN-2383-1\",\n                                    \"http://www.securityfocus.com/bid/70396\"\n                                ],\n                                \"description\": \"wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.\",\n                                \"datePublished\": \"2014-10-15T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"3c0e47e1-14c0-3fc9-975d-e535236f1aea\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-0210\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00301,\n                                \"percentile\": 0.52877\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-0247\",\n                                \"epss\": \"0.3000\",\n                                \"aliases\": [\n                                    \"CVE-2015-0210\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"5.9\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-0210.html\",\n                                    \"https://bugzilla.redhat.com/show_bug.cgi?id=1178263\",\n                                    \"https://bugzilla.redhat.com/show_bug.cgi?id=1178921\"\n                                ],\n                                \"description\": \"wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.\",\n                                \"datePublished\": \"2017-08-28T13:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"ea21c7d0-58c0-32ab-bc2e-8fed0a71f991\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-1863\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.05376,\n                                \"percentile\": 0.89662\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-1971\",\n                                \"epss\": \"8.5500\",\n                                \"aliases\": [\n                                    \"CVE-2015-1863\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"5.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-1863.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3233\",\n                                    \"https://access.redhat.com/errata/RHSA-2015:1090\",\n                                    \"https://ubuntu.com/security/CVE-2015-1863\",\n                                    \"https://linux.oracle.com/cve/CVE-2015-1863.html\",\n                                    \"http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt\",\n                                    \"http://www.debian.org/security/2015/dsa-3233\",\n                                    \"http://www.securityfocus.com/archive/1/535353/100/0/threaded\",\n                                    \"http://www.ubuntu.com/usn/USN-2577-1\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00000.html\",\n                                    \"http://seclists.org/fulldisclosure/2015/Apr/82\",\n                                    \"http://www.securityfocus.com/bid/74296\",\n                                    \"http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19\",\n                                    \"http://packetstormsecurity.com/files/131598/Android-wpa_supplicant-Heap-Overflow.html\",\n                                    \"https://security.gentoo.org/glsa/201606-17\",\n                                    \"http://www.securitytracker.com/id/1032192\",\n                                    \"http://rhn.redhat.com/errata/RHSA-2015-1090.html\"\n                                ],\n                                \"description\": \"Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.\",\n                                \"datePublished\": \"2015-04-28T12:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"1affacfe-d300-34d3-82c3-0407b2060e28\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-4141\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01465,\n                                \"percentile\": 0.80279\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-4165\",\n                                \"epss\": \"1.4600\",\n                                \"aliases\": [\n                                    \"CVE-2015-4141\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"4.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-4141.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://ubuntu.com/security/CVE-2015-4141\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/31/6\",\n                                    \"http://www.debian.org/security/2015/dsa-3397\",\n                                    \"http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt\",\n                                    \"https://security.gentoo.org/glsa/201606-17\",\n                                    \"http://www.ubuntu.com/usn/USN-2650-1\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/09/4\"\n                                ],\n                                \"description\": \"The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.\",\n                                \"datePublished\": \"2015-06-15T13:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"2da5e345-a8ad-307d-86ce-fdce7dab3cad\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-4142\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.07071,\n                                \"percentile\": 0.91127\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-4166\",\n                                \"epss\": \"7.0700\",\n                                \"aliases\": [\n                                    \"CVE-2015-4142\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"4.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-4142.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://access.redhat.com/errata/RHSA-2015:1439\",\n                                    \"https://access.redhat.com/errata/RHSA-2015:1090\",\n                                    \"https://ubuntu.com/security/CVE-2015-4142\",\n                                    \"https://linux.oracle.com/cve/CVE-2015-4142.html\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/31/6\",\n                                    \"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172608.html\",\n                                    \"http://rhn.redhat.com/errata/RHSA-2015-1439.html\",\n                                    \"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171401.html\",\n                                    \"http://www.securitytracker.com/id/1032625\",\n                                    \"http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/09/5\",\n                                    \"http://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://security.gentoo.org/glsa/201606-17\",\n                                    \"http://www.ubuntu.com/usn/USN-2650-1\",\n                                    \"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172655.html\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\",\n                                    \"http://rhn.redhat.com/errata/RHSA-2015-1090.html\",\n                                    \"https://support.apple.com/kb/HT213258\",\n                                    \"http://seclists.org/fulldisclosure/2022/May/34\"\n                                ],\n                                \"description\": \"Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.\",\n                                \"datePublished\": \"2015-06-15T13:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"ae31cd8e-328f-349e-aaf6-b90577f22ef1\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-4143\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01205,\n                                \"percentile\": 0.78347\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-4167\",\n                                \"epss\": \"1.2000\",\n                                \"aliases\": [\n                                    \"CVE-2015-4143\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.0\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-4143.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://ubuntu.com/security/CVE-2015-4143\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/31/6\",\n                                    \"http://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://security.gentoo.org/glsa/201606-17\",\n                                    \"http://www.ubuntu.com/usn/USN-2650-1\",\n                                    \"http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/09/6\"\n                                ],\n                                \"description\": \"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.\",\n                                \"datePublished\": \"2015-06-15T13:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"461173dc-e067-3584-9f1e-fdf2a7c261bb\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-4144\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01205,\n                                \"percentile\": 0.78347\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-4168\",\n                                \"epss\": \"1.2000\",\n                                \"aliases\": [\n                                    \"CVE-2015-4144\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.0\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-4144.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://ubuntu.com/security/CVE-2015-4144\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/31/6\",\n                                    \"http://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://security.gentoo.org/glsa/201606-17\",\n                                    \"http://www.ubuntu.com/usn/USN-2650-1\",\n                                    \"http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/09/6\"\n                                ],\n                                \"description\": \"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.\",\n                                \"datePublished\": \"2015-06-15T13:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"a50875e0-667a-3a16-9b7d-db700e989045\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-4145\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01205,\n                                \"percentile\": 0.78347\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-4169\",\n                                \"epss\": \"1.2000\",\n                                \"aliases\": [\n                                    \"CVE-2015-4145\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.0\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-4145.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://ubuntu.com/security/CVE-2015-4145\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/31/6\",\n                                    \"http://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://security.gentoo.org/glsa/201606-17\",\n                                    \"http://www.ubuntu.com/usn/USN-2650-1\",\n                                    \"http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/09/6\"\n                                ],\n                                \"description\": \"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.\",\n                                \"datePublished\": \"2015-06-15T13:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"01c614a7-2d3a-3e3c-b596-bca6fafa93aa\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-4146\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01312,\n                                \"percentile\": 0.79197\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-4170\",\n                                \"epss\": \"1.3100\",\n                                \"aliases\": [\n                                    \"CVE-2015-4146\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.0\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-4146.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://ubuntu.com/security/CVE-2015-4146\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/31/6\",\n                                    \"http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch\",\n                                    \"http://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://security.gentoo.org/glsa/201606-17\",\n                                    \"http://www.ubuntu.com/usn/USN-2650-1\",\n                                    \"http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/05/09/6\"\n                                ],\n                                \"description\": \"The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.\",\n                                \"datePublished\": \"2015-06-15T13:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"53fb4b0e-e1ff-34ff-98a6-02dce280d72b\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-5314\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0115,\n                                \"percentile\": 0.77852\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-5285\",\n                                \"epss\": \"1.1500\",\n                                \"aliases\": [\n                                    \"CVE-2015-5314\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"5.9\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-5314.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://ubuntu.com/security/CVE-2015-5314\",\n                                    \"http://www.ubuntu.com/usn/USN-2808-1\",\n                                    \"http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/11/10/10\"\n                                ],\n                                \"description\": \"The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.\",\n                                \"datePublished\": \"2018-02-21T15:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"f93fd5fd-f7f7-3aef-a0fd-5523b62dda52\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-5315\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0115,\n                                \"percentile\": 0.77852\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-5286\",\n                                \"epss\": \"1.1500\",\n                                \"aliases\": [\n                                    \"CVE-2015-5315\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"5.9\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-5315.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://ubuntu.com/security/CVE-2015-5315\",\n                                    \"http://www.ubuntu.com/usn/USN-2808-1\",\n                                    \"http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/11/10/10\"\n                                ],\n                                \"description\": \"The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.\",\n                                \"datePublished\": \"2018-02-21T15:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"07b035bb-ea13-380c-95c3-9ff31f253cd2\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-5316\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01524,\n                                \"percentile\": 0.80691\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-5287\",\n                                \"epss\": \"1.5200\",\n                                \"aliases\": [\n                                    \"CVE-2015-5316\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"5.9\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-5316.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://ubuntu.com/security/CVE-2015-5316\",\n                                    \"http://www.ubuntu.com/usn/USN-2808-1\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/11/10/11\",\n                                    \"http://www.securityfocus.com/bid/77538\",\n                                    \"http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt\"\n                                ],\n                                \"description\": \"The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.\",\n                                \"datePublished\": \"2018-02-21T15:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"23ec4b7f-7d60-31c7-8494-2e730df6a408\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2015-8041\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01495,\n                                \"percentile\": 0.80501\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-7934\",\n                                \"epss\": \"1.5000\",\n                                \"aliases\": [\n                                    \"CVE-2015-8041\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.0\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-8041.html\",\n                                    \"https://www.debian.org/security/2015/dsa-3397\",\n                                    \"https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2015-11/msg00037.html\",\n                                    \"https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog\",\n                                    \"http://www.securityfocus.com/bid/75604\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2015-11/msg00041.html\",\n                                    \"http://www.openwall.com/lists/oss-security/2015/11/02/5\",\n                                    \"http://www.debian.org/security/2015/dsa-3397\",\n                                    \"http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt\"\n                                ],\n                                \"description\": \"Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.\",\n                                \"datePublished\": \"2015-11-09T15:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"6e9a38b2-53b4-381b-bdbb-b7eba5bc233b\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2016-4476\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00796,\n                                \"percentile\": 0.73233\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2016-5463\",\n                                \"epss\": \"0.6100\",\n                                \"aliases\": [\n                                    \"CVE-2016-4476\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2016-4476.html\",\n                                    \"https://ubuntu.com/security/CVE-2016-4476\",\n                                    \"https://advisories.mageia.org/CVE-2016-4476.html\",\n                                    \"https://security.archlinux.org/CVE-2016-4476\",\n                                    \"http://www.openwall.com/lists/oss-security/2016/05/03/12\",\n                                    \"http://www.ubuntu.com/usn/USN-3455-1\"\n                                ],\n                                \"description\": \"hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \\\\n and \\\\r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.\",\n                                \"datePublished\": \"2016-05-09T08:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"7eaa9686-5f80-3285-b3e0-8a6ffeb4a4d4\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \\\\n and \\\\r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2017-13077\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 6.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00789,\n                                \"percentile\": 0.73106\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-4595\",\n                                \"epss\": \"0.7700\",\n                                \"aliases\": [\n                                    \"CVE-2017-13077\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"6.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-13077.html\",\n                                    \"https://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2911\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2907\",\n                                    \"https://ubuntu.com/security/CVE-2017-13077\",\n                                    \"https://advisories.mageia.org/CVE-2017-13077.html\",\n                                    \"https://security.archlinux.org/CVE-2017-13077\",\n                                    \"https://linux.oracle.com/cve/CVE-2017-13077.html\",\n                                    \"http://www.securitytracker.com/id/1039581\",\n                                    \"https://support.apple.com/HT208221\",\n                                    \"http://www.securityfocus.com/bid/101274\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\n                                    \"http://www.debian.org/security/2017/dsa-3999\",\n                                    \"http://www.securitytracker.com/id/1039578\",\n                                    \"https://access.redhat.com/security/vulnerabilities/kracks\",\n                                    \"http://www.securitytracker.com/id/1041432\",\n                                    \"https://source.android.com/security/bulletin/2018-04-01\",\n                                    \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\n                                    \"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\n                                    \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\n                                    \"http://www.securitytracker.com/id/1039577\",\n                                    \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us\",\n                                    \"https://support.apple.com/HT208222\",\n                                    \"https://source.android.com/security/bulletin/2017-11-01\",\n                                    \"https://security.gentoo.org/glsa/201711-03\",\n                                    \"https://support.lenovo.com/us/en/product_security/LEN-17420\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\",\n                                    \"https://www.krackattacks.com/\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\n                                    \"http://www.securitytracker.com/id/1039573\",\n                                    \"http://www.securitytracker.com/id/1039576\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-003\",\n                                    \"http://www.securitytracker.com/id/1039585\",\n                                    \"http://www.kb.cert.org/vuls/id/228519\",\n                                    \"https://support.apple.com/HT208220\",\n                                    \"https://source.android.com/security/bulletin/2018-06-01\",\n                                    \"https://support.apple.com/HT208219\",\n                                    \"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-005\",\n                                    \"http://www.ubuntu.com/usn/USN-3455-1\"\n                                ],\n                                \"description\": \"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\",\n                                \"datePublished\": \"2017-10-17T00:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"e27097d8-8fdc-344a-8106-b55516cb4ca0\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA\"\n                                    },\n                                    {\n                                        \"id\": \"e2cc3915-56d8-328c-afd4-c0ca8c734c45\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA2\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2017-13078\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00831,\n                                \"percentile\": 0.73796\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-4596\",\n                                \"epss\": \"0.8100\",\n                                \"aliases\": [\n                                    \"CVE-2017-13078\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-13078.html\",\n                                    \"https://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2911\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2907\",\n                                    \"https://ubuntu.com/security/CVE-2017-13078\",\n                                    \"https://advisories.mageia.org/CVE-2017-13078.html\",\n                                    \"https://security.archlinux.org/CVE-2017-13078\",\n                                    \"https://linux.oracle.com/cve/CVE-2017-13078.html\",\n                                    \"http://www.securitytracker.com/id/1039581\",\n                                    \"https://support.apple.com/HT208221\",\n                                    \"http://www.securityfocus.com/bid/101274\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\",\n                                    \"http://www.debian.org/security/2017/dsa-3999\",\n                                    \"http://www.securitytracker.com/id/1039578\",\n                                    \"https://access.redhat.com/security/vulnerabilities/kracks\",\n                                    \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\n                                    \"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\n                                    \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\n                                    \"http://www.securitytracker.com/id/1039577\",\n                                    \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html\",\n                                    \"https://support.apple.com/HT208222\",\n                                    \"https://source.android.com/security/bulletin/2017-11-01\",\n                                    \"https://security.gentoo.org/glsa/201711-03\",\n                                    \"https://support.lenovo.com/us/en/product_security/LEN-17420\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\",\n                                    \"https://www.krackattacks.com/\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\n                                    \"http://www.securitytracker.com/id/1039573\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\",\n                                    \"http://www.securitytracker.com/id/1039576\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-003\",\n                                    \"http://www.securitytracker.com/id/1039585\",\n                                    \"http://www.kb.cert.org/vuls/id/228519\",\n                                    \"https://support.apple.com/HT208220\",\n                                    \"https://support.apple.com/HT208219\",\n                                    \"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-005\",\n                                    \"http://www.ubuntu.com/usn/USN-3455-1\"\n                                ],\n                                \"description\": \"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\",\n                                \"datePublished\": \"2017-10-17T11:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"5640a789-b5a7-398b-a4fa-eae241159eb2\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA\"\n                                    },\n                                    {\n                                        \"id\": \"d686125c-5762-3198-8214-e56f436a3b29\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA2\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2017-13079\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00265,\n                                \"percentile\": 0.49774\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-4597\",\n                                \"epss\": \"0.2600\",\n                                \"aliases\": [\n                                    \"CVE-2017-13079\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-13079.html\",\n                                    \"https://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://ubuntu.com/security/CVE-2017-13079\",\n                                    \"https://advisories.mageia.org/CVE-2017-13079.html\",\n                                    \"https://security.archlinux.org/CVE-2017-13079\",\n                                    \"http://www.securitytracker.com/id/1039581\",\n                                    \"http://www.securityfocus.com/bid/101274\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\",\n                                    \"http://www.debian.org/security/2017/dsa-3999\",\n                                    \"http://www.securitytracker.com/id/1039578\",\n                                    \"https://access.redhat.com/security/vulnerabilities/kracks\",\n                                    \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\n                                    \"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\n                                    \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\n                                    \"http://www.securitytracker.com/id/1039577\",\n                                    \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html\",\n                                    \"https://source.android.com/security/bulletin/2017-11-01\",\n                                    \"https://security.gentoo.org/glsa/201711-03\",\n                                    \"https://support.lenovo.com/us/en/product_security/LEN-17420\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\",\n                                    \"https://www.krackattacks.com/\",\n                                    \"http://www.securitytracker.com/id/1039573\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\",\n                                    \"http://www.securitytracker.com/id/1039576\",\n                                    \"http://www.securitytracker.com/id/1039585\",\n                                    \"http://www.kb.cert.org/vuls/id/228519\",\n                                    \"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-005\",\n                                    \"http://www.ubuntu.com/usn/USN-3455-1\"\n                                ],\n                                \"description\": \"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\",\n                                \"datePublished\": \"2017-10-17T11:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"814b4693-cd99-3fa6-b56b-74cd0a819e01\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA2\"\n                                    },\n                                    {\n                                        \"id\": \"d226b78e-4ca9-3630-b2e8-7450a771fb1d\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2017-13080\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01195,\n                                \"percentile\": 0.78248\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-4598\",\n                                \"epss\": \"1.1600\",\n                                \"aliases\": [\n                                    \"CVE-2017-13080\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-13080.html\",\n                                    \"https://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2911\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2907\",\n                                    \"https://ubuntu.com/security/CVE-2017-13080\",\n                                    \"https://advisories.mageia.org/CVE-2017-13080.html\",\n                                    \"https://security.archlinux.org/CVE-2017-13080\",\n                                    \"https://linux.oracle.com/cve/CVE-2017-13080.html\",\n                                    \"http://www.securitytracker.com/id/1039581\",\n                                    \"https://support.apple.com/HT208221\",\n                                    \"http://www.securityfocus.com/bid/101274\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html\",\n                                    \"http://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://support.apple.com/HT208327\",\n                                    \"http://www.securitytracker.com/id/1039578\",\n                                    \"https://support.apple.com/HT208325\",\n                                    \"https://access.redhat.com/security/vulnerabilities/kracks\",\n                                    \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\n                                    \"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\n                                    \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\n                                    \"http://www.securitytracker.com/id/1039577\",\n                                    \"http://www.securitytracker.com/id/1039572\",\n                                    \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html\",\n                                    \"https://support.apple.com/HT208222\",\n                                    \"https://support.apple.com/HT208334\",\n                                    \"https://source.android.com/security/bulletin/2017-11-01\",\n                                    \"https://security.gentoo.org/glsa/201711-03\",\n                                    \"https://support.lenovo.com/us/en/product_security/LEN-17420\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\",\n                                    \"https://www.krackattacks.com/\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\n                                    \"http://www.securitytracker.com/id/1039573\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\",\n                                    \"http://www.securitytracker.com/id/1039576\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-003\",\n                                    \"http://www.securitytracker.com/id/1039585\",\n                                    \"http://www.kb.cert.org/vuls/id/228519\",\n                                    \"https://support.apple.com/HT208220\",\n                                    \"https://support.apple.com/HT208219\",\n                                    \"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-005\",\n                                    \"http://www.securitytracker.com/id/1039703\",\n                                    \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080\",\n                                    \"http://www.ubuntu.com/usn/USN-3455-1\",\n                                    \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html\"\n                                ],\n                                \"description\": \"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\",\n                                \"datePublished\": \"2017-10-17T11:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"4378edc6-4947-32fb-b693-1c334b37f7de\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA\"\n                                    },\n                                    {\n                                        \"id\": \"57a2896a-bf0b-3eb4-8d87-ed948df09334\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA2\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2017-13081\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00257,\n                                \"percentile\": 0.48851\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-4599\",\n                                \"epss\": \"0.2500\",\n                                \"aliases\": [\n                                    \"CVE-2017-13081\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-13081.html\",\n                                    \"https://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://ubuntu.com/security/CVE-2017-13081\",\n                                    \"https://advisories.mageia.org/CVE-2017-13081.html\",\n                                    \"https://security.archlinux.org/CVE-2017-13081\",\n                                    \"http://www.securitytracker.com/id/1039581\",\n                                    \"http://www.securityfocus.com/bid/101274\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\",\n                                    \"http://www.debian.org/security/2017/dsa-3999\",\n                                    \"http://www.securitytracker.com/id/1039578\",\n                                    \"https://access.redhat.com/security/vulnerabilities/kracks\",\n                                    \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\n                                    \"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\n                                    \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\n                                    \"http://www.securitytracker.com/id/1039577\",\n                                    \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html\",\n                                    \"https://source.android.com/security/bulletin/2017-11-01\",\n                                    \"https://security.gentoo.org/glsa/201711-03\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\",\n                                    \"https://www.krackattacks.com/\",\n                                    \"http://www.securitytracker.com/id/1039573\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\",\n                                    \"http://www.securitytracker.com/id/1039576\",\n                                    \"http://www.securitytracker.com/id/1039585\",\n                                    \"http://www.kb.cert.org/vuls/id/228519\",\n                                    \"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-005\",\n                                    \"http://www.ubuntu.com/usn/USN-3455-1\"\n                                ],\n                                \"description\": \"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.\",\n                                \"datePublished\": \"2017-10-17T11:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"7277707b-a9e6-3aaa-8901-5f917db23145\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA\"\n                                    },\n                                    {\n                                        \"id\": \"da1cb734-2142-3994-a98c-e74e18d3c9a6\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA2\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2017-13082\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 8.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00399,\n                                \"percentile\": 0.59905\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-4600\",\n                                \"epss\": \"0.3900\",\n                                \"aliases\": [\n                                    \"CVE-2017-13082\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"8.1\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-13082.html\",\n                                    \"https://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2907\",\n                                    \"https://ubuntu.com/security/CVE-2017-13082\",\n                                    \"https://advisories.mageia.org/CVE-2017-13082.html\",\n                                    \"https://security.archlinux.org/CVE-2017-13082\",\n                                    \"https://linux.oracle.com/cve/CVE-2017-13082.html\",\n                                    \"http://www.securitytracker.com/id/1039581\",\n                                    \"http://www.securityfocus.com/bid/101274\",\n                                    \"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\n                                    \"http://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://access.redhat.com/security/vulnerabilities/kracks\",\n                                    \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\n                                    \"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\n                                    \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\n                                    \"http://www.securitytracker.com/id/1039571\",\n                                    \"https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02\",\n                                    \"https://source.android.com/security/bulletin/2017-11-01\",\n                                    \"https://security.gentoo.org/glsa/201711-03\",\n                                    \"http://www.securitytracker.com/id/1039570\",\n                                    \"https://support.lenovo.com/us/en/product_security/LEN-17420\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\",\n                                    \"https://www.krackattacks.com/\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\n                                    \"http://www.securitytracker.com/id/1039573\",\n                                    \"http://www.kb.cert.org/vuls/id/228519\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\",\n                                    \"https://github.com/vanhoefm/krackattacks-test-ap-ft\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-005\",\n                                    \"http://www.ubuntu.com/usn/USN-3455-1\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\"\n                                ],\n                                \"description\": \"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\",\n                                \"datePublished\": \"2017-10-17T11:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"15b3c53d-0d39-3b33-bf70-67d22e71bd49\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA\"\n                                    },\n                                    {\n                                        \"id\": \"8e122b73-5388-3ea2-aee7-3264925e1cfa\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA2\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2017-13084\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 6.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00932,\n                                \"percentile\": 0.75387\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-4602\",\n                                \"epss\": \"0.9300\",\n                                \"aliases\": [\n                                    \"CVE-2017-13084\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"6.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-13084.html\",\n                                    \"https://security.archlinux.org/CVE-2017-13084\",\n                                    \"http://www.securitytracker.com/id/1039581\",\n                                    \"http://www.securityfocus.com/bid/101274\",\n                                    \"https://access.redhat.com/security/vulnerabilities/kracks\",\n                                    \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\n                                    \"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\n                                    \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\n                                    \"http://www.securitytracker.com/id/1039577\",\n                                    \"https://security.gentoo.org/glsa/201711-03\",\n                                    \"https://support.lenovo.com/us/en/product_security/LEN-17420\",\n                                    \"https://www.krackattacks.com/\",\n                                    \"http://www.securitytracker.com/id/1039576\",\n                                    \"http://www.kb.cert.org/vuls/id/228519\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\"\n                                ],\n                                \"description\": \"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\",\n                                \"datePublished\": \"2017-10-17T11:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"2a6aa61d-f25c-314b-af10-20bec079a6cc\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA2\"\n                                    },\n                                    {\n                                        \"id\": \"d5bbb797-5ddf-31de-a65f-81c019c7eb62\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2017-13086\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 6.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00301,\n                                \"percentile\": 0.52956\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-4604\",\n                                \"epss\": \"0.2900\",\n                                \"aliases\": [\n                                    \"CVE-2017-13086\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"6.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-13086.html\",\n                                    \"https://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2907\",\n                                    \"https://ubuntu.com/security/CVE-2017-13086\",\n                                    \"https://advisories.mageia.org/CVE-2017-13086.html\",\n                                    \"https://security.archlinux.org/CVE-2017-13086\",\n                                    \"https://linux.oracle.com/cve/CVE-2017-13086.html\",\n                                    \"http://www.securitytracker.com/id/1039581\",\n                                    \"http://www.securityfocus.com/bid/101274\",\n                                    \"http://www.debian.org/security/2017/dsa-3999\",\n                                    \"http://www.securitytracker.com/id/1039578\",\n                                    \"https://access.redhat.com/security/vulnerabilities/kracks\",\n                                    \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\n                                    \"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\n                                    \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\n                                    \"http://www.securitytracker.com/id/1039577\",\n                                    \"https://source.android.com/security/bulletin/2017-11-01\",\n                                    \"https://security.gentoo.org/glsa/201711-03\",\n                                    \"https://support.lenovo.com/us/en/product_security/LEN-17420\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\",\n                                    \"https://www.krackattacks.com/\",\n                                    \"http://www.securitytracker.com/id/1039573\",\n                                    \"http://www.securitytracker.com/id/1039576\",\n                                    \"http://www.kb.cert.org/vuls/id/228519\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-005\",\n                                    \"http://www.ubuntu.com/usn/USN-3455-1\"\n                                ],\n                                \"description\": \"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\",\n                                \"datePublished\": \"2017-10-17T11:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"83f85ad2-e56b-3208-bc35-90914c52d5f0\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA\"\n                                    },\n                                    {\n                                        \"id\": \"fb1f438a-8292-398e-b9a8-e18e0fda1fd3\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA2\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2017-13087\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00222,\n                                \"percentile\": 0.44728\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-4605\",\n                                \"epss\": \"0.2200\",\n                                \"aliases\": [\n                                    \"CVE-2017-13087\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-13087.html\",\n                                    \"https://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2911\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2907\",\n                                    \"https://ubuntu.com/security/CVE-2017-13087\",\n                                    \"https://advisories.mageia.org/CVE-2017-13087.html\",\n                                    \"https://security.archlinux.org/CVE-2017-13087\",\n                                    \"https://linux.oracle.com/cve/CVE-2017-13087.html\",\n                                    \"http://www.securitytracker.com/id/1039581\",\n                                    \"http://www.securityfocus.com/bid/101274\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\",\n                                    \"http://www.debian.org/security/2017/dsa-3999\",\n                                    \"http://www.securitytracker.com/id/1039578\",\n                                    \"https://access.redhat.com/security/vulnerabilities/kracks\",\n                                    \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\n                                    \"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\n                                    \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\n                                    \"http://www.securitytracker.com/id/1039577\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html\",\n                                    \"https://source.android.com/security/bulletin/2017-11-01\",\n                                    \"https://security.gentoo.org/glsa/201711-03\",\n                                    \"https://support.lenovo.com/us/en/product_security/LEN-17420\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\",\n                                    \"https://www.krackattacks.com/\",\n                                    \"http://www.securitytracker.com/id/1039573\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\",\n                                    \"http://www.securitytracker.com/id/1039576\",\n                                    \"http://www.kb.cert.org/vuls/id/228519\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-005\",\n                                    \"http://www.ubuntu.com/usn/USN-3455-1\"\n                                ],\n                                \"description\": \"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.\",\n                                \"datePublished\": \"2017-10-17T11:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"10478174-674c-32c4-8ed5-9f7f5b94cb2b\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2017-13088\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00191,\n                                \"percentile\": 0.41193\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-4606\",\n                                \"epss\": \"0.1900\",\n                                \"aliases\": [\n                                    \"CVE-2017-13088\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-13088.html\",\n                                    \"https://www.debian.org/security/2017/dsa-3999\",\n                                    \"https://access.redhat.com/errata/RHSA-2017:2907\",\n                                    \"https://ubuntu.com/security/CVE-2017-13088\",\n                                    \"https://advisories.mageia.org/CVE-2017-13088.html\",\n                                    \"https://security.archlinux.org/CVE-2017-13088\",\n                                    \"https://linux.oracle.com/cve/CVE-2017-13088.html\",\n                                    \"http://www.securitytracker.com/id/1039581\",\n                                    \"http://www.securityfocus.com/bid/101274\",\n                                    \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\",\n                                    \"http://www.debian.org/security/2017/dsa-3999\",\n                                    \"http://www.securitytracker.com/id/1039578\",\n                                    \"https://access.redhat.com/security/vulnerabilities/kracks\",\n                                    \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\n                                    \"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\n                                    \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\n                                    \"http://www.securitytracker.com/id/1039577\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html\",\n                                    \"https://source.android.com/security/bulletin/2017-11-01\",\n                                    \"https://security.gentoo.org/glsa/201711-03\",\n                                    \"https://support.lenovo.com/us/en/product_security/LEN-17420\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\",\n                                    \"https://www.krackattacks.com/\",\n                                    \"http://www.securitytracker.com/id/1039573\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\",\n                                    \"http://www.securitytracker.com/id/1039576\",\n                                    \"http://www.kb.cert.org/vuls/id/228519\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\",\n                                    \"https://cert.vde.com/en-us/advisories/vde-2017-005\",\n                                    \"http://www.ubuntu.com/usn/USN-3455-1\"\n                                ],\n                                \"description\": \"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.\",\n                                \"datePublished\": \"2017-10-17T11:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"63fecd7e-20b1-3aa3-a916-f4cd240d0eae\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA\"\n                                    },\n                                    {\n                                        \"id\": \"e047dee5-7ca3-37c4-a3da-b120e7fecc98\",\n                                        \"product\": {\n                                            \"name\": \"Wi-Fi Protected Access (WPA and WPA2)\"\n                                        },\n                                        \"product_version\": \"WPA2\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2018-14526\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01138,\n                                \"percentile\": 0.77754\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-6436\",\n                                \"epss\": \"0.7700\",\n                                \"aliases\": [\n                                    \"CVE-2018-14526\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2018-14526.html\",\n                                    \"https://access.redhat.com/errata/RHSA-2018:3107\",\n                                    \"https://ubuntu.com/security/CVE-2018-14526\",\n                                    \"https://advisories.mageia.org/CVE-2018-14526.html\",\n                                    \"https://security.archlinux.org/CVE-2018-14526\",\n                                    \"https://linux.oracle.com/cve/CVE-2018-14526.html\",\n                                    \"https://papers.mathyvanhoef.com/woot2018.pdf\",\n                                    \"http://www.securitytracker.com/id/1041438\",\n                                    \"https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc\",\n                                    \"https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html\",\n                                    \"https://usn.ubuntu.com/3745-1/\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf\",\n                                    \"https://www.us-cert.gov/ics/advisories/icsa-19-344-01\"\n                                ],\n                                \"description\": \"An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.\",\n                                \"datePublished\": \"2018-08-08T17:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"98be13f9-bd6b-3942-a927-168be8128162\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2019-11555\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.09076,\n                                \"percentile\": 0.92318\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-3226\",\n                                \"epss\": \"9.0800\",\n                                \"aliases\": [\n                                    \"CVE-2019-11555\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.9\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-11555.html\",\n                                    \"https://www.debian.org/security/2019/dsa-4450\",\n                                    \"https://ubuntu.com/security/CVE-2019-11555\",\n                                    \"https://www.openwall.com/lists/oss-security/2019/04/18/6\",\n                                    \"https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt\",\n                                    \"http://www.openwall.com/lists/oss-security/2019/04/26/1\",\n                                    \"https://usn.ubuntu.com/3969-1/\",\n                                    \"https://usn.ubuntu.com/3969-2/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T7G763UECWR7FQXOJVL67PW7C5A3SA4/\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\n                                    \"https://seclists.org/bugtraq/2019/May/40\",\n                                    \"https://seclists.org/bugtraq/2019/May/64\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQ6P2GI5GSXRNLNIUNPARFZQVDEIGVZD/\",\n                                    \"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJKZHAT5KPUN26JL77EUH563GAH5XZ5C/\",\n                                    \"https://security.gentoo.org/glsa/201908-25\"\n                                ],\n                                \"description\": \"The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.\",\n                                \"datePublished\": \"2019-04-26T19:16:24.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"59e553a8-b6de-3744-99b9-1035478e7e7c\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2019-9494\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01538,\n                                \"percentile\": 0.8077\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-18868\",\n                                \"epss\": \"1.5700\",\n                                \"aliases\": [\n                                    \"CVE-2019-9494\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"5.9\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-9494.html\",\n                                    \"https://advisories.mageia.org/CVE-2019-9494.html\",\n                                    \"https://w1.fi/security/2019-1/\",\n                                    \"https://www.synology.com/security/advisory/Synology_SA_19_16\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\n                                    \"https://seclists.org/bugtraq/2019/May/40\",\n                                    \"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\"\n                                ],\n                                \"description\": \"The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.\",\n                                \"datePublished\": \"2019-04-17T11:31:08.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"90ba1b9d-442e-3be1-86e8-c4596dee0fb6\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant with SAE support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    },\n                                    {\n                                        \"id\": \"ef3a218b-9c6e-3db1-bfbb-0ae72f0fb786\",\n                                        \"product\": {\n                                            \"name\": \"hostapd with SAE support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2019-9495\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"LOW\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 3.7,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.06034,\n                                \"percentile\": 0.90314\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-18869\",\n                                \"epss\": \"3.2500\",\n                                \"aliases\": [\n                                    \"CVE-2019-9495\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"3.7\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-9495.html\",\n                                    \"https://www.debian.org/security/2019/dsa-4430\",\n                                    \"https://ubuntu.com/security/CVE-2019-9495\",\n                                    \"https://w1.fi/security/2019-2/\",\n                                    \"https://www.synology.com/security/advisory/Synology_SA_19_16\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\n                                    \"https://seclists.org/bugtraq/2019/May/40\",\n                                    \"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\"\n                                ],\n                                \"description\": \"The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\",\n                                \"datePublished\": \"2019-04-17T11:31:08.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"31441334-7bdd-3624-aa81-a72261696852\",\n                                        \"product\": {\n                                            \"name\": \"hostapd with EAP-pwd support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    },\n                                    {\n                                        \"id\": \"350aea84-0aea-32be-acd5-b6db7ea46cd7\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant with EAP-pwd support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2019-9496\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.02156,\n                                \"percentile\": 0.83726\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-18870\",\n                                \"epss\": \"2.1600\",\n                                \"aliases\": [\n                                    \"CVE-2019-9496\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-9496.html\",\n                                    \"https://w1.fi/security/2019-3/\",\n                                    \"https://www.synology.com/security/advisory/Synology_SA_19_16\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\n                                    \"https://seclists.org/bugtraq/2019/May/40\",\n                                    \"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\"\n                                ],\n                                \"description\": \"An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.\",\n                                \"datePublished\": \"2019-04-17T11:31:08.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"249ff8cd-75b2-3b39-afc1-68efab5c8c13\",\n                                        \"product\": {\n                                            \"name\": \"hostapd with SAE support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    },\n                                    {\n                                        \"id\": \"3ba71e46-06b9-343b-b90d-f147fbdf6a12\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant with SAE support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2019-9497\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 8.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.08116,\n                                \"percentile\": 0.91807\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-18871\",\n                                \"epss\": \"8.1200\",\n                                \"aliases\": [\n                                    \"CVE-2019-9497\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"8.1\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-9497.html\",\n                                    \"https://www.debian.org/security/2019/dsa-4430\",\n                                    \"https://ubuntu.com/security/CVE-2019-9497\",\n                                    \"https://w1.fi/security/2019-4/\",\n                                    \"https://www.synology.com/security/advisory/Synology_SA_19_16\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\n                                    \"https://seclists.org/bugtraq/2019/May/40\",\n                                    \"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\"\n                                ],\n                                \"description\": \"The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\",\n                                \"datePublished\": \"2019-04-17T11:31:08.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"4a226c4e-c99a-3e24-90dd-d69deac9db9e\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant with SAE support\"\n                                        },\n                                        \"product_version\": \"2.4 ≤2.4\"\n                                    },\n                                    {\n                                        \"id\": \"5b9394e2-330f-34a6-8d60-2ccddc15c09c\",\n                                        \"product\": {\n                                            \"name\": \"hostapd with EAP-pwd support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    },\n                                    {\n                                        \"id\": \"8d08128f-08db-35df-801d-180e8c7eb238\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant with EAP-pwd support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    },\n                                    {\n                                        \"id\": \"e864c7b8-c059-3371-aaf8-17f0467e2b99\",\n                                        \"product\": {\n                                            \"name\": \"hostapd with SAE support\"\n                                        },\n                                        \"product_version\": \"2.4 ≤2.4\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2019-9498\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 8.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01063,\n                                \"percentile\": 0.76987\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-18872\",\n                                \"epss\": \"1.0600\",\n                                \"aliases\": [\n                                    \"CVE-2019-9498\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"8.1\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-9498.html\",\n                                    \"https://www.debian.org/security/2019/dsa-4430\",\n                                    \"https://ubuntu.com/security/CVE-2019-9498\",\n                                    \"https://w1.fi/security/2019-4/\",\n                                    \"https://www.synology.com/security/advisory/Synology_SA_19_16\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\n                                    \"https://seclists.org/bugtraq/2019/May/40\",\n                                    \"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\"\n                                ],\n                                \"description\": \"The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\",\n                                \"datePublished\": \"2019-04-17T11:31:08.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"51b2662a-479d-3d7e-ba35-c62fd4fd9593\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant with SAE support\"\n                                        },\n                                        \"product_version\": \"2.4 ≤2.4\"\n                                    },\n                                    {\n                                        \"id\": \"5a05a07a-aa6f-3de1-a1cf-dff3c7504361\",\n                                        \"product\": {\n                                            \"name\": \"hostapd with EAP-pwd support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    },\n                                    {\n                                        \"id\": \"90bba288-913f-34c6-a31d-bc4187fc3b90\",\n                                        \"product\": {\n                                            \"name\": \"hostapd with SAE support\"\n                                        },\n                                        \"product_version\": \"2.4 ≤2.4\"\n                                    },\n                                    {\n                                        \"id\": \"fa612b36-babf-3a2f-8382-6379bb607aab\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant with EAP-pwd support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2019-9499\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 8.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01063,\n                                \"percentile\": 0.76987\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-18873\",\n                                \"epss\": \"1.0600\",\n                                \"aliases\": [\n                                    \"CVE-2019-9499\"\n                                ],\n                                \"assigner\": \"certcc\",\n                                \"baseScore\": \"8.1\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-9499.html\",\n                                    \"https://www.debian.org/security/2019/dsa-4430\",\n                                    \"https://ubuntu.com/security/CVE-2019-9499\",\n                                    \"https://w1.fi/security/2019-4/\",\n                                    \"https://www.synology.com/security/advisory/Synology_SA_19_16\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\",\n                                    \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\n                                    \"https://seclists.org/bugtraq/2019/May/40\",\n                                    \"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\"\n                                ],\n                                \"description\": \"The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\",\n                                \"datePublished\": \"2019-04-17T11:31:08.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"402fbd5a-efef-3a18-9bba-3ac042c40564\",\n                                        \"product\": {\n                                            \"name\": \"hostapd with SAE support\"\n                                        },\n                                        \"product_version\": \"2.4 ≤2.4\"\n                                    },\n                                    {\n                                        \"id\": \"697c6f71-2f75-397e-a6dd-0a1bcbc74c14\",\n                                        \"product\": {\n                                            \"name\": \"hostapd with EAP-pwd support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    },\n                                    {\n                                        \"id\": \"a4f1da53-835b-346a-839e-7e9211e4c3ea\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant with EAP-pwd support\"\n                                        },\n                                        \"product_version\": \"2.7 ≤2.7\"\n                                    },\n                                    {\n                                        \"id\": \"ddc899d6-a1a2-377a-9319-4531fd80848f\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant with SAE support\"\n                                        },\n                                        \"product_version\": \"2.4 ≤2.4\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2021-27803\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00283,\n                                \"percentile\": 0.51315\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-14544\",\n                                \"epss\": \"0.2800\",\n                                \"aliases\": [\n                                    \"CVE-2021-27803\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2021-27803.html\",\n                                    \"https://www.debian.org/security/2021/dsa-4898\",\n                                    \"https://access.redhat.com/errata/RHSA-2021:0818\",\n                                    \"https://access.redhat.com/errata/RHSA-2021:0816\",\n                                    \"https://access.redhat.com/errata/RHSA-2021:0809\",\n                                    \"https://access.redhat.com/errata/RHSA-2021:0808\",\n                                    \"https://ubuntu.com/security/CVE-2021-27803\",\n                                    \"https://advisories.mageia.org/CVE-2021-27803.html\",\n                                    \"https://security.archlinux.org/CVE-2021-27803\",\n                                    \"https://linux.oracle.com/cve/CVE-2021-27803.html\",\n                                    \"https://www.openwall.com/lists/oss-security/2021/02/25/3\",\n                                    \"https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt\",\n                                    \"https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch\",\n                                    \"http://www.openwall.com/lists/oss-security/2021/02/27/1\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/\",\n                                    \"https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/\"\n                                ],\n                                \"description\": \"A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.\",\n                                \"datePublished\": \"2021-02-26T21:11:27.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"d64f4eb0-98e9-34f2-ab7d-0a2c506ed3c4\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2021-30004\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00296,\n                                \"percentile\": 0.52472\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-16948\",\n                                \"epss\": \"0.3000\",\n                                \"aliases\": [\n                                    \"CVE-2021-30004\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2021-30004.html\",\n                                    \"https://advisories.mageia.org/CVE-2021-30004.html\",\n                                    \"https://security.archlinux.org/CVE-2021-30004\",\n                                    \"https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15\",\n                                    \"https://security.gentoo.org/glsa/202309-16\"\n                                ],\n                                \"description\": \"In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.\",\n                                \"datePublished\": \"2021-04-01T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"275e3cba-3242-3f0f-8133-53b19e3aec25\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2022-23303\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00301,\n                                \"percentile\": 0.52894\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2022-28388\",\n                                \"epss\": \"0.3000\",\n                                \"aliases\": [\n                                    \"CVE-2022-23303\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"9.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2022-23303.html\",\n                                    \"https://advisories.mageia.org/CVE-2022-23303.html\",\n                                    \"https://w1.fi/security/2022-1/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/\",\n                                    \"https://security.gentoo.org/glsa/202309-16\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2022-23303\",\n                                    \"https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL\"\n                                ],\n                                \"description\": \"The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.\",\n                                \"datePublished\": \"2022-01-16T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"ac0b52c6-4060-3fa9-aa4e-19dfb9e70770\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2022-23304\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00056,\n                                \"percentile\": 0.17368\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2022-28389\",\n                                \"epss\": \"0.0600\",\n                                \"aliases\": [\n                                    \"CVE-2022-23304\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"9.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2022-23304.html\",\n                                    \"https://w1.fi/security/2022-1/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/\",\n                                    \"https://security.gentoo.org/glsa/202309-16\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2022-23304\",\n                                    \"https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL\"\n                                ],\n                                \"description\": \"The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.\",\n                                \"datePublished\": \"2022-01-16T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"e69475c7-fd6b-3394-a6d8-67a117532331\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2023-52160\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.03378,\n                                \"percentile\": 0.86888\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2023-56833\",\n                                \"epss\": \"3.3800\",\n                                \"aliases\": [\n                                    \"CVE-2023-52160\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.5\",\n                                \"references\": [\n                                    \"https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c\",\n                                    \"https://www.top10vpn.com/research/wifi-vulnerabilities/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/\",\n                                    \"https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2023-52160\"\n                                ],\n                                \"description\": \"The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.\",\n                                \"datePublished\": \"2024-02-21T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"540fe031-15e9-3dcd-b3bd-2a1a7a89802d\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        }\n                                    },\n                                    {\n                                        \"id\": \"da847856-b5ed-3ca5-95fd-acfc08fdc5d9\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/wpa_supplicant@2.10\",\n                        \"cve_id\": \"CVE-2024-5290\",\n                        \"version\": \"2.10\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"wpa_supplicant\",\n                        \"cvss_score\": 8.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00248,\n                                \"percentile\": 0.47931\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2024-46526\",\n                                \"epss\": \"0.2500\",\n                                \"aliases\": [\n                                    \"CVE-2024-5290\"\n                                ],\n                                \"assigner\": \"canonical\",\n                                \"baseScore\": \"8.8\",\n                                \"references\": [\n                                    \"https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613\",\n                                    \"https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/\",\n                                    \"https://ubuntu.com/security/notices/USN-6945-1\"\n                                ],\n                                \"description\": \"An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).\\n\\n\\n\\n\\nMembership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.\",\n                                \"datePublished\": \"2024-08-07T06:14:08.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"060daedc-2ddb-377e-85f9-73bce3e43609\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant\"\n                                        },\n                                        \"product_version\": \"2:2.9-1ubuntu2 <2:2.9-1ubuntu4.4\"\n                                    },\n                                    {\n                                        \"id\": \"33c22ecb-39a7-3d4d-a8f1-bdb6b349587c\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant\"\n                                        },\n                                        \"product_version\": \"2:2.10-15 <2:2.10-21ubuntu0.1\"\n                                    },\n                                    {\n                                        \"id\": \"54426c81-98b3-33ff-8b96-6ed27837fb3a\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant\"\n                                        },\n                                        \"product_version\": \"2.4-0ubuntu10 <2:2.6-15ubuntu2.8+esm1\"\n                                    },\n                                    {\n                                        \"id\": \"70a14099-66e5-3ee9-ad27-22b61af929c1\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant\"\n                                        },\n                                        \"product_version\": \"2:2.9.0-21build1 <2:2.10-6ubuntu2.1\"\n                                    },\n                                    {\n                                        \"id\": \"c56638ad-5873-3b03-82ce-0ce01b998287\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant\"\n                                        },\n                                        \"product_version\": \"2.1-0ubuntu1 <2.1-0ubuntu1.7+esm5\"\n                                    },\n                                    {\n                                        \"id\": \"e30c591f-1182-342a-a0a5-ada60d9991c0\",\n                                        \"product\": {\n                                            \"name\": \"wpa_supplicant\"\n                                        },\n                                        \"product_version\": \"2.4-0ubuntu3 <2.4-0ubuntu6.8+esm1\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2015-5291\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.01704,\n                                \"percentile\": 0.81726\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-5268\",\n                                \"epss\": \"1.7000\",\n                                \"aliases\": [\n                                    \"CVE-2015-5291\"\n                                ],\n                                \"assigner\": \"redhat\",\n                                \"baseScore\": \"6.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-5291.html\",\n                                    \"https://www.debian.org/security/2016/dsa-3468\",\n                                    \"https://advisories.mageia.org/CVE-2015-5291.html\",\n                                    \"http://www.debian.org/security/2016/dsa-3468\",\n                                    \"https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf\",\n                                    \"https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/\",\n                                    \"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html\",\n                                    \"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html\",\n                                    \"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01\",\n                                    \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html\",\n                                    \"https://security.gentoo.org/glsa/201706-18\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html\"\n                                ],\n                                \"description\": \"Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message.  NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.\",\n                                \"datePublished\": \"2015-11-02T18:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"0ba48797-9318-3441-b11b-2903cbd359aa\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2015-8036\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 0,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00915,\n                                \"percentile\": 0.75172\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2015-7929\",\n                                \"epss\": \"0.9200\",\n                                \"aliases\": [\n                                    \"CVE-2015-8036\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"6.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2015-8036.html\",\n                                    \"https://www.debian.org/security/2016/dsa-3468\",\n                                    \"https://advisories.mageia.org/CVE-2015-8036.html\",\n                                    \"http://www.debian.org/security/2016/dsa-3468\",\n                                    \"https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf\",\n                                    \"https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/\",\n                                    \"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01\",\n                                    \"http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html\"\n                                ],\n                                \"description\": \"Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session.  NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.\",\n                                \"datePublished\": \"2015-11-02T18:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"f1957f43-fb42-3a95-8c94-1b9cec6bb74b\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\n                                \"baseScoreVersion\": \"2.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2017-14032\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 8.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00075,\n                                \"percentile\": 0.22704\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-5547\",\n                                \"epss\": \"0.0800\",\n                                \"aliases\": [\n                                    \"CVE-2017-14032\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"8.1\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-14032.html\",\n                                    \"https://www.debian.org/security/2017/dsa-3967\",\n                                    \"https://advisories.mageia.org/CVE-2017-14032.html\",\n                                    \"http://www.debian.org/security/2017/dsa-3967\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02\",\n                                    \"https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32\",\n                                    \"https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc\",\n                                    \"https://bugs.debian.org/873557\"\n                                ],\n                                \"description\": \"ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.\",\n                                \"datePublished\": \"2017-08-30T18:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"d24bf146-144e-36c7-9e15-1c6a63c2440b\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2017-18187\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00563,\n                                \"percentile\": 0.67471\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-9322\",\n                                \"epss\": \"0.5600\",\n                                \"aliases\": [\n                                    \"CVE-2017-18187\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"9.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-18187.html\",\n                                    \"https://www.debian.org/security/2018/dsa-4147\",\n                                    \"https://www.debian.org/security/2018/dsa-4138\",\n                                    \"https://ubuntu.com/security/CVE-2017-18187\",\n                                    \"https://github.com/ARMmbed/mbedtls/commit/83c9f495ffe70c7dd280b41fdfd4881485a3bc28\",\n                                    \"https://security.gentoo.org/glsa/201804-19\",\n                                    \"https://github.com/ARMmbed/mbedtls/blob/master/ChangeLog\",\n                                    \"http://www.securityfocus.com/bid/103055\",\n                                    \"https://usn.ubuntu.com/4267-1/\"\n                                ],\n                                \"description\": \"In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.\",\n                                \"datePublished\": \"2018-02-14T16:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"59891091-29cc-33b0-b3e4-adc90a8f9f4c\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2017-2784\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 8.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0418,\n                                \"percentile\": 0.88209\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2017-11927\",\n                                \"epss\": \"4.1800\",\n                                \"aliases\": [\n                                    \"CVE-2017-2784\"\n                                ],\n                                \"assigner\": \"talos\",\n                                \"baseScore\": \"8.1\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2017-2784.html\",\n                                    \"https://advisories.mageia.org/CVE-2017-2784.html\",\n                                    \"https://security.archlinux.org/CVE-2017-2784\",\n                                    \"https://security.gentoo.org/glsa/201706-18\",\n                                    \"http://www.talosintelligence.com/reports/TALOS-2017-0274/\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01\"\n                                ],\n                                \"description\": \"An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.\",\n                                \"datePublished\": \"2017-04-20T16:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"6316e401-51aa-3b8f-aa20-e9bf7185949f\",\n                                        \"product\": {\n                                            \"name\": \"mbed TLS\"\n                                        },\n                                        \"product_version\": \"2.4.0\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2018-0487\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0487,\n                                \"percentile\": 0.89082\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-1310\",\n                                \"epss\": \"4.8700\",\n                                \"aliases\": [\n                                    \"CVE-2018-0487\"\n                                ],\n                                \"assigner\": \"debian\",\n                                \"baseScore\": \"9.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2018-0487.html\",\n                                    \"https://www.debian.org/security/2018/dsa-4147\",\n                                    \"https://www.debian.org/security/2018/dsa-4138\",\n                                    \"https://ubuntu.com/security/CVE-2018-0487\",\n                                    \"https://advisories.mageia.org/CVE-2018-0487.html\",\n                                    \"https://security.archlinux.org/CVE-2018-0487\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01\",\n                                    \"http://www.securityfocus.com/bid/103056\",\n                                    \"https://security.gentoo.org/glsa/201804-19\",\n                                    \"https://usn.ubuntu.com/4267-1/\"\n                                ],\n                                \"description\": \"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.\",\n                                \"datePublished\": \"2018-02-13T14:00:00.000Z\",\n                                \"enisaidproduct\": [],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2018-0488\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.03563,\n                                \"percentile\": 0.87224\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-1311\",\n                                \"epss\": \"3.5600\",\n                                \"aliases\": [\n                                    \"CVE-2018-0488\"\n                                ],\n                                \"assigner\": \"debian\",\n                                \"baseScore\": \"9.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2018-0488.html\",\n                                    \"https://www.debian.org/security/2018/dsa-4147\",\n                                    \"https://www.debian.org/security/2018/dsa-4138\",\n                                    \"https://ubuntu.com/security/CVE-2018-0488\",\n                                    \"https://advisories.mageia.org/CVE-2018-0488.html\",\n                                    \"https://security.archlinux.org/CVE-2018-0488\",\n                                    \"http://www.securityfocus.com/bid/103057\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01\",\n                                    \"https://security.gentoo.org/glsa/201804-19\",\n                                    \"https://usn.ubuntu.com/4267-1/\"\n                                ],\n                                \"description\": \"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.\",\n                                \"datePublished\": \"2018-02-13T14:00:00.000Z\",\n                                \"enisaidproduct\": [],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2018-0497\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00619,\n                                \"percentile\": 0.6919\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-1320\",\n                                \"epss\": \"0.6200\",\n                                \"aliases\": [\n                                    \"CVE-2018-0497\"\n                                ],\n                                \"assigner\": \"debian\",\n                                \"baseScore\": \"5.9\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2018-0497.html\",\n                                    \"https://www.debian.org/security/2018/dsa-4296\",\n                                    \"https://ubuntu.com/security/CVE-2018-0497\",\n                                    \"https://advisories.mageia.org/CVE-2018-0497.html\",\n                                    \"https://security.archlinux.org/CVE-2018-0497\",\n                                    \"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02\",\n                                    \"https://usn.ubuntu.com/4267-1/\"\n                                ],\n                                \"description\": \"ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.\",\n                                \"datePublished\": \"2018-07-28T15:00:00.000Z\",\n                                \"enisaidproduct\": [],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2018-0498\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4.7,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00208,\n                                \"percentile\": 0.43168\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-1321\",\n                                \"epss\": \"0.2100\",\n                                \"aliases\": [\n                                    \"CVE-2018-0498\"\n                                ],\n                                \"assigner\": \"debian\",\n                                \"baseScore\": \"4.7\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2018-0498.html\",\n                                    \"https://www.debian.org/security/2018/dsa-4296\",\n                                    \"https://ubuntu.com/security/CVE-2018-0498\",\n                                    \"https://advisories.mageia.org/CVE-2018-0498.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02\",\n                                    \"https://usn.ubuntu.com/4267-1/\"\n                                ],\n                                \"description\": \"ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.\",\n                                \"datePublished\": \"2018-07-28T15:00:00.000Z\",\n                                \"enisaidproduct\": [],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2018-1000520\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00104,\n                                \"percentile\": 0.28953\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-1915\",\n                                \"epss\": \"0.1000\",\n                                \"aliases\": [\n                                    \"CVE-2018-1000520\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2018-1000520.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/issues/1561\"\n                                ],\n                                \"description\": \"ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..\",\n                                \"datePublished\": \"2018-06-26T14:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"7853efbb-55d1-37a6-99e5-f9ea4d3548f9\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2018-19608\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4.7,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0024,\n                                \"percentile\": 0.46927\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-11296\",\n                                \"epss\": \"0.2400\",\n                                \"aliases\": [\n                                    \"CVE-2018-19608\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"4.7\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2018-19608.html\",\n                                    \"https://advisories.mageia.org/CVE-2018-19608.html\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03\",\n                                    \"http://cat.eyalro.net/\",\n                                    \"https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released\"\n                                ],\n                                \"description\": \"Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.\",\n                                \"datePublished\": \"2018-12-05T21:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"64347312-5974-3b49-a364-c0bd38a13c81\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.0\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2018-9988\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00467,\n                                \"percentile\": 0.63616\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-21580\",\n                                \"epss\": \"0.4700\",\n                                \"aliases\": [\n                                    \"CVE-2018-9988\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2018-9988.html\",\n                                    \"https://advisories.mageia.org/CVE-2018-9988.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215\",\n                                    \"https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released\",\n                                    \"https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1\",\n                                    \"https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html\"\n                                ],\n                                \"description\": \"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.\",\n                                \"datePublished\": \"2018-04-10T17:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"64ff3de3-35eb-3d5a-b1ca-60dbc600b2bb\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2018-9989\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00467,\n                                \"percentile\": 0.63616\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-21581\",\n                                \"epss\": \"0.4700\",\n                                \"aliases\": [\n                                    \"CVE-2018-9989\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2018-9989.html\",\n                                    \"https://advisories.mageia.org/CVE-2018-9989.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e\",\n                                    \"https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released\",\n                                    \"https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e\",\n                                    \"https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html\"\n                                ],\n                                \"description\": \"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.\",\n                                \"datePublished\": \"2018-04-10T17:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"829ed60d-3eb5-3972-9f4e-652ce615b169\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2019-16910\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0091,\n                                \"percentile\": 0.75076\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-7407\",\n                                \"epss\": \"0.9100\",\n                                \"aliases\": [\n                                    \"CVE-2019-16910\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2019-16910.html\",\n                                    \"https://advisories.mageia.org/CVE-2019-16910.html\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/\",\n                                    \"https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd\",\n                                    \"https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)\",\n                                \"datePublished\": \"2019-09-25T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"8dac650c-b229-3631-af7b-afbc66099db9\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2019-18222\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4.7,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00079,\n                                \"percentile\": 0.23747\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2019-8022\",\n                                \"epss\": \"0.0800\",\n                                \"aliases\": [\n                                    \"CVE-2019-18222\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"4.7\",\n                                \"references\": [\n                                    \"https://advisories.mageia.org/CVE-2019-18222.html\",\n                                    \"https://security.archlinux.org/CVE-2019-18222\",\n                                    \"https://www.suse.com/security/cve/CVE-2019-18222.html\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NGDACU65MYZXXVPQP2EBHUJGOR4RWLVY/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3GWQNONS7GRORXZJ7MOJFUEJ2ZJ4OUW/\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.\",\n                                \"datePublished\": \"2020-01-22T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"67455608-90d1-316b-ae9a-8d779bb0f3c9\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-10932\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4.7,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00027,\n                                \"percentile\": 0.06434\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-3338\",\n                                \"epss\": \"0.0300\",\n                                \"aliases\": [\n                                    \"CVE-2020-10932\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"4.7\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2020-10932.html\",\n                                    \"https://advisories.mageia.org/CVE-2020-10932.html\",\n                                    \"https://security.archlinux.org/CVE-2020-10932\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04\",\n                                    \"https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.\",\n                                \"datePublished\": \"2020-04-14T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"924861ab-2d23-3e75-adf2-455a6ac48007\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-10941\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0075,\n                                \"percentile\": 0.72333\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-3346\",\n                                \"epss\": \"0.7500\",\n                                \"aliases\": [\n                                    \"CVE-2020-10941\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.9\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2020-10941.html\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.\",\n                                \"datePublished\": \"2020-03-23T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"22cc44e5-47d5-3b05-aff0-dcb351cbc93f\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-16150\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00071,\n                                \"percentile\": 0.2177\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-8116\",\n                                \"epss\": \"0.0700\",\n                                \"aliases\": [\n                                    \"CVE-2020-16150\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2020-16150.html\",\n                                    \"https://advisories.mageia.org/CVE-2020-16150.html\",\n                                    \"https://security.archlinux.org/CVE-2020-16150\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OSOFUD6UTGTDDSQRS62BPXDU52I6PUA/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRPBHCQKZXHVKOP5O5EWE7P76AWGUXQJ/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD3NM6GD73CTFFRBKG5G2ACXGG7QQHCC/\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.\",\n                                \"datePublished\": \"2020-09-01T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"7ac3ae8d-ff72-3c84-9b9c-efa557b48a3a\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-36421\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0019,\n                                \"percentile\": 0.41052\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-23949\",\n                                \"epss\": \"0.1900\",\n                                \"aliases\": [\n                                    \"CVE-2020-36421\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0\",\n                                    \"https://github.com/ARMmbed/mbedtls/issues/3394\",\n                                    \"https://bugs.gentoo.org/730752\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.\",\n                                \"datePublished\": \"2021-07-18T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"0326a2e4-c302-3d3d-98c1-b0d81c979d34\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-36422\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00174,\n                                \"percentile\": 0.39116\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-23950\",\n                                \"epss\": \"0.1700\",\n                                \"aliases\": [\n                                    \"CVE-2020-36422\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0\",\n                                    \"https://bugs.gentoo.org/730752\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.\",\n                                \"datePublished\": \"2021-07-18T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"03eec76d-9693-3754-9fa8-0d59741364d4\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-36423\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00202,\n                                \"percentile\": 0.42391\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-23951\",\n                                \"epss\": \"0.2000\",\n                                \"aliases\": [\n                                    \"CVE-2020-36423\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0\",\n                                    \"https://bugs.gentoo.org/730752\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.\",\n                                \"datePublished\": \"2021-07-18T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"0d67223a-a8bd-3561-900e-20dc61c1ca83\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-36424\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4.7,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00085,\n                                \"percentile\": 0.25186\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-23952\",\n                                \"epss\": \"0.0800\",\n                                \"aliases\": [\n                                    \"CVE-2020-36424\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"4.7\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2020-36424.html\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0\",\n                                    \"https://bugs.gentoo.org/740108\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.\",\n                                \"datePublished\": \"2021-07-18T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"3f590d8d-b4f5-37af-8b4f-cc2b29147a39\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-36425\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00299,\n                                \"percentile\": 0.52779\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-23953\",\n                                \"epss\": \"0.3000\",\n                                \"aliases\": [\n                                    \"CVE-2020-36425\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2020-36425.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0\",\n                                    \"https://bugs.gentoo.org/740108\",\n                                    \"https://github.com/ARMmbed/mbedtls/pull/3433\",\n                                    \"https://github.com/ARMmbed/mbedtls/issues/3340\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.\",\n                                \"datePublished\": \"2021-07-18T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"e931352b-0135-32b1-a07a-66c53792c27f\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-36426\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00225,\n                                \"percentile\": 0.4508\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-23954\",\n                                \"epss\": \"0.2200\",\n                                \"aliases\": [\n                                    \"CVE-2020-36426\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2020-36426.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0\",\n                                    \"https://bugs.gentoo.org/740108\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).\",\n                                \"datePublished\": \"2021-07-18T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"4250762d-5e43-3b4b-87ce-01ceb839f88a\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-36475\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0041,\n                                \"percentile\": 0.60587\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-23961\",\n                                \"epss\": \"0.4700\",\n                                \"aliases\": [\n                                    \"CVE-2020-36475\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2020-36475.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf\",\n                                    \"https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.\",\n                                \"datePublished\": \"2021-08-22T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"60c627a3-9164-3c69-82c1-38505e193094\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-36476\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00253,\n                                \"percentile\": 0.4843\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-23962\",\n                                \"epss\": \"0.2500\",\n                                \"aliases\": [\n                                    \"CVE-2020-36476\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2020-36476.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0\",\n                                    \"https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.\",\n                                \"datePublished\": \"2021-08-22T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"25dbeebb-d084-3c8c-8f6b-bece826bad24\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-36477\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00217,\n                                \"percentile\": 0.44232\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-23963\",\n                                \"epss\": \"0.2200\",\n                                \"aliases\": [\n                                    \"CVE-2020-36477\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.9\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2020-36477.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0\",\n                                    \"https://github.com/ARMmbed/mbedtls/issues/3498\",\n                                    \"https://security.gentoo.org/glsa/202301-08\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).\",\n                                \"datePublished\": \"2021-08-22T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"8b44abe6-1cfe-3dbf-875a-7c26c03d0236\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2020-36478\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0029,\n                                \"percentile\": 0.52029\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2020-23964\",\n                                \"epss\": \"0.3300\",\n                                \"aliases\": [\n                                    \"CVE-2020-36478\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2020-36478.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18\",\n                                    \"https://github.com/ARMmbed/mbedtls/issues/3629\",\n                                    \"https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf\",\n                                    \"https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.\",\n                                \"datePublished\": \"2021-08-22T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"f32115b3-544e-3e9b-9bb5-2cfa245d4fe6\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2021-24119\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00258,\n                                \"percentile\": 0.48888\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-11034\",\n                                \"epss\": \"0.3400\",\n                                \"aliases\": [\n                                    \"CVE-2021-24119\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"4.9\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2021-24119.html\",\n                                    \"https://security.archlinux.org/CVE-2021-24119\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases\",\n                                    \"https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW/\",\n                                    \"https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2021-24119\",\n                                    \"https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW\"\n                                ],\n                                \"description\": \"In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.\",\n                                \"datePublished\": \"2021-07-13T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"05536bfe-936d-3eb3-baab-2f04c504bd08\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2021-36647\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4.7,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0005,\n                                \"percentile\": 0.15264\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-23243\",\n                                \"epss\": \"0.0400\",\n                                \"aliases\": [\n                                    \"CVE-2021-36647\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"4.7\",\n                                \"references\": [\n                                    \"https://kouzili.com/Load-Step.pdf\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2021-36647\",\n                                    \"https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html\"\n                                ],\n                                \"description\": \"Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.\",\n                                \"datePublished\": \"2023-01-16T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"a88b42f9-0921-30ca-8fe6-cdef8182231f\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2021-43666\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00188,\n                                \"percentile\": 0.40783\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-30578\",\n                                \"epss\": \"0.1500\",\n                                \"aliases\": [\n                                    \"CVE-2021-43666\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2021-43666.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/issues/5136\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2021-43666\",\n                                    \"https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html\"\n                                ],\n                                \"description\": \"A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.\",\n                                \"datePublished\": \"2022-03-23T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"7f1b0967-c91c-3f46-991e-745d0684e12b\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2021-44732\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00676,\n                                \"percentile\": 0.70683\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-31547\",\n                                \"epss\": \"0.9300\",\n                                \"aliases\": [\n                                    \"CVE-2021-44732\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"9.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2021-44732.html\",\n                                    \"https://advisories.mageia.org/CVE-2021-44732.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases\",\n                                    \"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12\",\n                                    \"https://bugs.gentoo.org/829660\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2021-44732\",\n                                    \"https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html\"\n                                ],\n                                \"description\": \"Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.\",\n                                \"datePublished\": \"2021-12-19T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"4d21d20a-9548-3ec9-842c-77b0b8befb5a\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2021-45450\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00052,\n                                \"percentile\": 0.16256\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-32221\",\n                                \"epss\": \"0.0700\",\n                                \"aliases\": [\n                                    \"CVE-2021-45450\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2021-45450.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TALJHOYAYSUJTLN6BYGLO4YJGNZUY74W/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IL66WKJGXY5AXMTFE7QDMGL3RIBD6PX5/\",\n                                    \"https://security.gentoo.org/glsa/202301-08\"\n                                ],\n                                \"description\": \"In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.\",\n                                \"datePublished\": \"2021-12-20T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"ac3afb85-9277-3e0f-b772-fa74054ec39e\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2021-45451\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0008,\n                                \"percentile\": 0.24019\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2021-32222\",\n                                \"epss\": \"0.1200\",\n                                \"aliases\": [\n                                    \"CVE-2021-45451\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2021-45451.html\",\n                                    \"https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TALJHOYAYSUJTLN6BYGLO4YJGNZUY74W/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IL66WKJGXY5AXMTFE7QDMGL3RIBD6PX5/\"\n                                ],\n                                \"description\": \"In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.\",\n                                \"datePublished\": \"2021-12-20T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"76c64d3d-1002-301f-9fb1-58c0e20bfb59\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2022-35409\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00838,\n                                \"percentile\": 0.73918\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2022-38299\",\n                                \"epss\": \"0.7900\",\n                                \"aliases\": [\n                                    \"CVE-2022-35409\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"9.1\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2022-35409.html\",\n                                    \"https://advisories.mageia.org/CVE-2022-35409.html\",\n                                    \"https://github.com/Mbed-TLS/mbedtls/releases\",\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/advisories/mbedtls-security-advisory-2022-07.html\",\n                                    \"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.\",\n                                \"datePublished\": \"2022-07-14T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"89622a6d-a955-3b25-b394-b04601336dcb\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2022-46392\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00146,\n                                \"percentile\": 0.35564\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2022-49201\",\n                                \"epss\": \"0.1300\",\n                                \"aliases\": [\n                                    \"CVE-2022-46392\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.3\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2022-46392.html\",\n                                    \"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0\",\n                                    \"https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2022-46392\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB\",\n                                    \"https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.\",\n                                \"datePublished\": \"2022-12-14T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"19acd60b-2a04-3052-94f0-631247384eaf\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2022-46393\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00862,\n                                \"percentile\": 0.74326\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2022-49202\",\n                                \"epss\": \"0.8600\",\n                                \"aliases\": [\n                                    \"CVE-2022-46393\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"9.8\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2022-46393.html\",\n                                    \"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\",\n                                    \"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0\",\n                                    \"https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2022-46393\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.\",\n                                \"datePublished\": \"2022-12-15T23:30:44.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"dc6b51ef-84e5-394c-b33e-1273bf9293ce\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2023-43615\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00309,\n                                \"percentile\": 0.53566\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2023-48021\",\n                                \"epss\": \"0.3100\",\n                                \"aliases\": [\n                                    \"CVE-2023-43615\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7SB7L6A56QZALDTOZ6O4X7PTC4I647R/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGRB5MO2KUJKYPMGXMIZH2WRH6QR5UZS/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BDSHAANRULB57GVS5B3DZHXL5KCC7OWQ/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7SB7L6A56QZALDTOZ6O4X7PTC4I647R/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGRB5MO2KUJKYPMGXMIZH2WRH6QR5UZS/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDSHAANRULB57GVS5B3DZHXL5KCC7OWQ/\"\n                                ],\n                                \"description\": \"Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.\",\n                                \"datePublished\": \"2023-10-06T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"595e5638-4cca-343c-a374-859ecf55671f\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2023-45199\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0504,\n                                \"percentile\": 0.89273\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2023-49506\",\n                                \"epss\": \"5.0400\",\n                                \"aliases\": [\n                                    \"CVE-2023-45199\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"9.8\",\n                                \"references\": [\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/\"\n                                ],\n                                \"description\": \"Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.\",\n                                \"datePublished\": \"2023-10-06T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"252367a4-2ee7-3e2b-a0ac-f929cb13b534\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2023-52353\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00052,\n                                \"percentile\": 0.1616\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-23170\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00175,\n                                \"percentile\": 0.39242\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2024-20689\",\n                                \"epss\": \"0.1800\",\n                                \"aliases\": [\n                                    \"CVE-2024-23170\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.5\",\n                                \"references\": [\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2024-23170\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \\\"Everlasting ROBOT: the Marvin Attack\\\" by Hubert Kario.\",\n                                \"datePublished\": \"2024-01-30T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"0e0aa904-5a92-3506-9203-be073e38c57d\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        }\n                                    },\n                                    {\n                                        \"id\": \"90f0d7a6-12ca-3004-97c7-8ad3926802ec\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \\\"Everlasting ROBOT: the Marvin Attack\\\" by Hubert Kario.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-23744\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00049,\n                                \"percentile\": 0.15044\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2024-21200\",\n                                \"epss\": \"0.0500\",\n                                \"aliases\": [\n                                    \"CVE-2024-23744\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://github.com/Mbed-TLS/mbedtls/issues/8694\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.\",\n                                \"datePublished\": \"2024-01-20T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"ca86de5b-f6ae-3790-8a8c-8aca31970f13\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    },\n                                    {\n                                        \"id\": \"f03142ce-770f-3d58-a6f3-671a9ab6bbe9\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        }\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-23775\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00291,\n                                \"percentile\": 0.5204\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2024-21228\",\n                                \"epss\": \"0.2900\",\n                                \"aliases\": [\n                                    \"CVE-2024-23775\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"7.5\",\n                                \"references\": [\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2024-23775\"\n                                ],\n                                \"description\": \"Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().\",\n                                \"datePublished\": \"2024-01-30T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"7c015b5a-5b1c-33bd-9b4d-1fabe8fe501b\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        }\n                                    },\n                                    {\n                                        \"id\": \"b772fd01-6fe0-3837-8eee-f09097537de5\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-28755\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 6.5,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00127,\n                                \"percentile\": 0.32806\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-28836\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.4,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00331,\n                                \"percentile\": 0.55451\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client can successfully establish a TLS 1.2 connection with the server.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-28960\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 8.2,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00185,\n                                \"percentile\": 0.40479\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2024-26022\",\n                                \"epss\": \"0.1800\",\n                                \"aliases\": [\n                                    \"CVE-2024-28960\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"8.2\",\n                                \"references\": [\n                                    \"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\",\n                                    \"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/\",\n                                    \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/\",\n                                    \"https://nvd.nist.gov/vuln/detail/CVE-2024-28960\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.\",\n                                \"datePublished\": \"2024-03-28T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"2179d077-c779-33bd-9db3-f4534bd291d1\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    },\n                                    {\n                                        \"id\": \"eb8b725c-1076-3cbe-84ef-bd742e8fe485\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        }\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-30166\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00478,\n                                \"percentile\": 0.64144\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-45157\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.1,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00038,\n                                \"percentile\": 0.10945\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2024-41337\",\n                                \"epss\": \"0.0400\",\n                                \"aliases\": [\n                                    \"CVE-2024-45157\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.1\",\n                                \"references\": [\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/\",\n                                    \"https://github.com/Mbed-TLS/mbedtls/releases/\",\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.\",\n                                \"datePublished\": \"2024-09-04T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"0f9a2075-b13d-36cb-9b8d-4ab0b5642625\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-45158\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00656,\n                                \"percentile\": 0.70205\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-45159\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00436,\n                                \"percentile\": 0.62146\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2024-41339\",\n                                \"epss\": \"0.4200\",\n                                \"aliases\": [\n                                    \"CVE-2024-45159\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"9.8\",\n                                \"references\": [\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/\",\n                                    \"https://github.com/Mbed-TLS/mbedtls/releases/\",\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-3/\"\n                                ],\n                                \"description\": \"An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).\",\n                                \"datePublished\": \"2024-09-04T22:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"d672e1cb-b950-3869-8254-ef54f0b2cdca\",\n                                        \"product\": {\n                                            \"name\": \"n/a\"\n                                        },\n                                        \"product_version\": \"n/a\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2024-49195\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"CRITICAL\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 9.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00571,\n                                \"percentile\": 0.67757\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-27809\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.4,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00045,\n                                \"percentile\": 0.13393\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2025-8055\",\n                                \"epss\": \"0.0600\",\n                                \"aliases\": [\n                                    \"CVE-2025-27809\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.4\",\n                                \"references\": [\n                                    \"https://github.com/Mbed-TLS/mbedtls/releases\",\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/\"\n                                ],\n                                \"description\": \"Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.\",\n                                \"datePublished\": \"2025-03-24T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"86415959-e51a-3bf5-97a5-c81c9bac93b8\",\n                                        \"product\": {\n                                            \"name\": \"mbedtls\"\n                                        },\n                                        \"product_version\": \"0 <2.28.10\"\n                                    },\n                                    {\n                                        \"id\": \"edc43e05-941b-353d-8e7e-8ac117e77afb\",\n                                        \"product\": {\n                                            \"name\": \"mbedtls\"\n                                        },\n                                        \"product_version\": \"3.0.0 <3.6.3\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-27810\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.4,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.0006,\n                                \"percentile\": 0.18504\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2025-14831\",\n                                \"epss\": \"0.0700\",\n                                \"aliases\": [\n                                    \"CVE-2025-27810\"\n                                ],\n                                \"assigner\": \"mitre\",\n                                \"baseScore\": \"5.4\",\n                                \"references\": [\n                                    \"https://github.com/Mbed-TLS/mbedtls/releases\",\n                                    \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/\"\n                                ],\n                                \"description\": \"Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.\",\n                                \"datePublished\": \"2025-03-24T23:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"6542f376-f892-3ca2-9b07-a0bb42f568ca\",\n                                        \"product\": {\n                                            \"name\": \"mbedtls\"\n                                        },\n                                        \"product_version\": \"0 <2.28.10\"\n                                    },\n                                    {\n                                        \"id\": \"bd799ac3-559a-3d14-8cb8-b080513310c7\",\n                                        \"product\": {\n                                            \"name\": \"mbedtls\"\n                                        },\n                                        \"product_version\": \"3.0.0 <3.6.3\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-47917\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 8.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.03858,\n                                \"percentile\": 0.87723\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN).\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-48965\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00096,\n                                \"percentile\": 0.27264\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-49087\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00065,\n                                \"percentile\": 0.20194\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-49600\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4.9,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00011,\n                                \"percentile\": 0.01044\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker (who can induce a hardware hash accelerator fault) to bypass LMS signature verification by reusing stale stack data, resulting in acceptance of an invalid signature. In mbedtls_lms_verify, the return values of the internal Merkle tree functions create_merkle_leaf_value and create_merkle_internal_value are not checked. These functions return an integer that indicates whether the call succeeded or not. If a failure occurs, the output buffer (Tc_candidate_root_node) may remain uninitialized, and the result of the signature verification is unpredictable. When the software implementation of SHA-256 is used, these functions will not fail. However, with hardware-accelerated hashing, an attacker could use fault injection against the accelerator to bypass verification.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-49601\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00072,\n                                \"percentile\": 0.22022\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key allows context-dependent attackers to trigger a crash or limited adjacent-memory disclosure by supplying a truncated LMS (Leighton-Micali Signature) public-key buffer under four bytes. An LMS public key starts with a 4-byte type indicator. The function mbedtls_lms_import_public_key reads this type indicator before validating the size of its input.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-52496\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"HIGH\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 7.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00029,\n                                \"percentile\": 0.07131\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-52497\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 4.8,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00103,\n                                \"percentile\": 0.28781\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-54764\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 6.2,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00015,\n                                \"percentile\": 0.02111\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/mbedtls@3.6.0\",\n                        \"cve_id\": \"CVE-2025-59438\",\n                        \"version\": \"3.6.0\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"mbedtls\",\n                        \"cvss_score\": 5.3,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00036,\n                                \"percentile\": 0.10124\n                            },\n                            \"euvd\": null,\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.\"\n                    },\n                    {\n                        \"cpe\": \"cpe:2.3:h:arm:cortex-r:5:*:*:*:*:*:*:*\",\n                        \"purl\": \"pkg:generic/arm/cortex-r@5\",\n                        \"cve_id\": \"CVE-2018-3693\",\n                        \"version\": \"5\",\n                        \"enriched\": true,\n                        \"severity\": \"MEDIUM\",\n                        \"component\": \"cortex-r\",\n                        \"cvss_score\": 5.6,\n                        \"enrichment\": {\n                            \"kev\": false,\n                            \"epss\": {\n                                \"score\": 0.00916,\n                                \"percentile\": 0.75175\n                            },\n                            \"euvd\": {\n                                \"id\": \"EUVD-2018-15547\",\n                                \"epss\": \"0.9200\",\n                                \"aliases\": [\n                                    \"CVE-2018-3693\"\n                                ],\n                                \"assigner\": \"intel\",\n                                \"baseScore\": \"5.6\",\n                                \"references\": [\n                                    \"https://www.suse.com/security/cve/CVE-2018-3693.html\",\n                                    \"https://access.redhat.com/errata/RHSA-2020:0174\",\n                                    \"https://access.redhat.com/errata/RHSA-2019:1946\",\n                                    \"https://access.redhat.com/errata/RHSA-2018:2395\",\n                                    \"https://access.redhat.com/errata/RHSA-2018:2390\",\n                                    \"https://access.redhat.com/errata/RHSA-2018:2384\",\n                                    \"https://alas.aws.amazon.com/cve/html/CVE-2018-3693.html\",\n                                    \"https://linux.oracle.com/cve/CVE-2018-3693.html\",\n                                    \"https://www.oracle.com/security-alerts/cpujul2020.html\",\n                                    \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\n                                    \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\",\n                                    \"https://security.netapp.com/advisory/ntap-20180823-0001/\",\n                                    \"https://www.oracle.com/security-alerts/cpuoct2020.html\",\n                                    \"https://cdrdv2.intel.com/v1/dl/getContent/685359\"\n                                ],\n                                \"description\": \"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.\",\n                                \"datePublished\": \"2018-07-10T19:00:00.000Z\",\n                                \"enisaidproduct\": [\n                                    {\n                                        \"id\": \"6e778d4a-8d93-3884-b36c-e2bef907c406\",\n                                        \"product\": {\n                                            \"name\": \"Most Modern Operating Systems\"\n                                        },\n                                        \"product_version\": \"All\"\n                                    }\n                                ],\n                                \"baseScoreVector\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\n                                \"baseScoreVersion\": \"3.1\"\n                            },\n                            \"cisaKev\": null\n                        },\n                        \"description\": \"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.\"\n                    }\n                ],\n                \"total_vulnerabilities\": 130\n            },\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"updated_at\": \"2025-12-15T10:41:12.102Z\"\n        }\n    ]\n}"}],"_postman_id":"5e51f1d5-f7c3-4ca5-913d-755c78219b2b"},{"name":"Vulnerability Distribution","id":"9159bcab-f180-4a4e-80e6-b87ebee13eea","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/vulnerability-distribution","urlObject":{"port":"2999","path":["hbom","simply","seclabui","vulnerability-distribution"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"a32bb026-94c5-4222-a6c6-a45e965b1083","name":"Global Vulnerabilities Copy 2","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/vulnerability-distribution"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"537"},{"key":"ETag","value":"W/\"219-pIAziYil+srjAzqBrky+7CcsAJ0\""},{"key":"Date","value":"Wed, 17 Dec 2025 13:04:34 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"score_bin_start\": 3.5,\n            \"count_in_bin\": \"1\"\n        },\n        {\n            \"score_bin_start\": 4,\n            \"count_in_bin\": \"2\"\n        },\n        {\n            \"score_bin_start\": 4.5,\n            \"count_in_bin\": \"10\"\n        },\n        {\n            \"score_bin_start\": 5,\n            \"count_in_bin\": \"17\"\n        },\n        {\n            \"score_bin_start\": 5.5,\n            \"count_in_bin\": \"12\"\n        },\n        {\n            \"score_bin_start\": 6,\n            \"count_in_bin\": \"3\"\n        },\n        {\n            \"score_bin_start\": 6.5,\n            \"count_in_bin\": \"22\"\n        },\n        {\n            \"score_bin_start\": 7.5,\n            \"count_in_bin\": \"23\"\n        },\n        {\n            \"score_bin_start\": 8,\n            \"count_in_bin\": \"9\"\n        },\n        {\n            \"score_bin_start\": 8.5,\n            \"count_in_bin\": \"4\"\n        },\n        {\n            \"score_bin_start\": 9,\n            \"count_in_bin\": \"2\"\n        },\n        {\n            \"score_bin_start\": 9.5,\n            \"count_in_bin\": \"13\"\n        }\n    ]\n}"}],"_postman_id":"9159bcab-f180-4a4e-80e6-b87ebee13eea"},{"name":"Component Vulnerability Matrix","id":"196443c6-c380-42d8-a8b9-b647bb75252e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/component-vulnerability-matrix","urlObject":{"port":"2999","path":["hbom","simply","seclabui","component-vulnerability-matrix"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"de0c961e-d352-4a15-b940-3d611cf5fc9e","name":"Global Vulnerabilities Copy 3","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/component-vulnerability-matrix"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"441"},{"key":"ETag","value":"W/\"1b9-jkSWYApYYe0abq0B1o+4S4iRzzo\""},{"key":"Date","value":"Wed, 17 Dec 2025 13:04:42 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"component_name\": \"lwip\",\n            \"average_score\": \"7.5\",\n            \"total_cves\": \"3\"\n        },\n        {\n            \"component_name\": \"newlib\",\n            \"average_score\": \"7.2\",\n            \"total_cves\": \"10\"\n        },\n        {\n            \"component_name\": \"esp-idf\",\n            \"average_score\": \"7.1\",\n            \"total_cves\": \"16\"\n        },\n        {\n            \"component_name\": \"mbedtls\",\n            \"average_score\": \"6.8\",\n            \"total_cves\": \"62\"\n        },\n        {\n            \"component_name\": \"wpa_supplicant\",\n            \"average_score\": \"6.7\",\n            \"total_cves\": \"38\"\n        },\n        {\n            \"component_name\": \"cortex-r\",\n            \"average_score\": \"5.6\",\n            \"total_cves\": \"1\"\n        }\n    ]\n}"}],"_postman_id":"196443c6-c380-42d8-a8b9-b647bb75252e"},{"name":"Vulnerabilities by Exact Score","id":"d53de57b-6c73-43f4-baf3-b29fd2697080","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/vulnerabilities-by-exact-score","urlObject":{"port":"2999","path":["hbom","simply","seclabui","vulnerabilities-by-exact-score"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"a2b156b8-e6ec-4137-ad39-4f4de23d97e4","name":"Global Vulnerabilities Copy 2","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/vulnerabilities-by-exact-score"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"1037"},{"key":"ETag","value":"W/\"40d-PBPzbwfAdc1wGTwjdMaUnqw/Pv0\""},{"key":"Date","value":"Wed, 17 Dec 2025 13:04:48 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"precise_score\": \"9.8\",\n            \"total_count\": \"13\"\n        },\n        {\n            \"precise_score\": \"9.1\",\n            \"total_count\": \"2\"\n        },\n        {\n            \"precise_score\": \"8.9\",\n            \"total_count\": \"1\"\n        },\n        {\n            \"precise_score\": \"8.8\",\n            \"total_count\": \"3\"\n        },\n        {\n            \"precise_score\": \"8.2\",\n            \"total_count\": \"1\"\n        },\n        {\n            \"precise_score\": \"8.1\",\n            \"total_count\": \"8\"\n        },\n        {\n            \"precise_score\": \"7.8\",\n            \"total_count\": \"1\"\n        },\n        {\n            \"precise_score\": \"7.5\",\n            \"total_count\": \"22\"\n        },\n        {\n            \"precise_score\": \"6.8\",\n            \"total_count\": \"5\"\n        },\n        {\n            \"precise_score\": \"6.5\",\n            \"total_count\": \"17\"\n        },\n        {\n            \"precise_score\": \"6.4\",\n            \"total_count\": \"1\"\n        },\n        {\n            \"precise_score\": \"6.2\",\n            \"total_count\": \"1\"\n        },\n        {\n            \"precise_score\": \"6.1\",\n            \"total_count\": \"1\"\n        },\n        {\n            \"precise_score\": \"5.9\",\n            \"total_count\": \"9\"\n        },\n        {\n            \"precise_score\": \"5.6\",\n            \"total_count\": \"1\"\n        },\n        {\n            \"precise_score\": \"5.5\",\n            \"total_count\": \"2\"\n        },\n        {\n            \"precise_score\": \"5.4\",\n            \"total_count\": \"3\"\n        },\n        {\n            \"precise_score\": \"5.3\",\n            \"total_count\": \"13\"\n        },\n        {\n            \"precise_score\": \"5.1\",\n            \"total_count\": \"1\"\n        },\n        {\n            \"precise_score\": \"4.9\",\n            \"total_count\": \"2\"\n        },\n        {\n            \"precise_score\": \"4.8\",\n            \"total_count\": \"2\"\n        },\n        {\n            \"precise_score\": \"4.7\",\n            \"total_count\": \"6\"\n        },\n        {\n            \"precise_score\": \"4.0\",\n            \"total_count\": \"2\"\n        },\n        {\n            \"precise_score\": \"3.7\",\n            \"total_count\": \"1\"\n        }\n    ]\n}"}],"_postman_id":"d53de57b-6c73-43f4-baf3-b29fd2697080"},{"name":"Network Graph Nodes","id":"3aea7f05-1c7d-4680-8e95-7282b15d5c83","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/network-graph-nodes","urlObject":{"port":"2999","path":["hbom","simply","seclabui","network-graph-nodes"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"8233161b-cecc-4d07-8faf-e0597fad31f9","name":"Global Vulnerabilities Copy 2","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/network-graph-nodes"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"5024"},{"key":"ETag","value":"W/\"13a0-KvXdX/Vx4mQzdHhLgUJZMvfizq4\""},{"key":"Date","value":"Wed, 17 Dec 2025 13:04:53 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"id\": \"CVE-2020-36426\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-4141\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36424\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-23303\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-16146\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-27803\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-14526\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-22284\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-12638\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-46393\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-52160\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"mbedtls\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2017-13082\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14872\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-4883\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-9496\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-28960\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-35409\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-33453\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-45158\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-13079\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-22283\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-28183\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-12586\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"esp-idf\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2017-13087\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5291\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-52353\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-27810\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-16910\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-49601\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36423\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-13594\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-9988\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-28135\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-9499\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14873\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36476\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-9498\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-44732\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5316\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-3420\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-0498\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-24893\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36422\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-18222\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-18187\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-45450\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"cortex-r\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"wpa_supplicant\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2019-15894\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5314\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-13081\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-1863\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-10941\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-45199\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14871\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-36647\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-0497\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-48965\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-28836\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-24119\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-28139\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-27809\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-2784\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2023-43615\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-16150\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14875\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-47917\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-46392\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36478\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-13084\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-53406\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-4142\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-13080\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-49600\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-9497\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14878\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2016-4476\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-9495\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-4145\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36475\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-30004\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-54764\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14874\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-5315\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-4144\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-13086\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-0488\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-0210\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-4146\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-23744\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-59438\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-0487\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-13595\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-5290\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-43666\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-13088\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-52496\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-49195\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36421\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-28136\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-11555\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-3693\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-12587\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2022-23304\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-1000520\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-4143\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-8036\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-28755\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"newlib\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2025-49087\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-9494\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-18558\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-13078\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36477\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-23775\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-19608\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-33454\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-10932\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14877\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-30949\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2025-52497\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-45159\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2018-9989\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2015-8041\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"lwip\",\n            \"type\": \"Component\"\n        },\n        {\n            \"id\": \"CVE-2017-14032\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2014-3686\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2019-14876\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2021-45451\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-30166\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2017-13077\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-23170\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2020-36425\",\n            \"type\": \"CVE\"\n        },\n        {\n            \"id\": \"CVE-2024-45157\",\n            \"type\": \"CVE\"\n        }\n    ]\n}"}],"_postman_id":"3aea7f05-1c7d-4680-8e95-7282b15d5c83"},{"name":"Network Graph Links","id":"d13b201b-2324-4f9a-b171-8ac9c4d5a92f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/network-graph-links","urlObject":{"port":"2999","path":["hbom","simply","seclabui","network-graph-links"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"6b57b3a2-0f39-4402-9c9f-ba31a478dd9d","name":"Global Vulnerabilities Copy","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/network-graph-links"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"11125"},{"key":"ETag","value":"W/\"2b75-698kRXI79wyDlZuW0OvFJYkEAz0\""},{"key":"Date","value":"Wed, 17 Dec 2025 13:04:58 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"source\": \"lwip\",\n            \"target\": \"CVE-2020-22284\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2020-13595\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2024-33454\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-4146\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"newlib\",\n            \"target\": \"CVE-2019-14876\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2014-3686\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2020-13594\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2019-12587\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-5316\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2019-15894\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.8\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2020-16146\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2021-28135\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2020-12638\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.8\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2024-33453\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-4141\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-4145\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"lwip\",\n            \"target\": \"CVE-2014-4883\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2021-28136\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2024-53406\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"newlib\",\n            \"target\": \"CVE-2019-14871\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"newlib\",\n            \"target\": \"CVE-2019-14872\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"newlib\",\n            \"target\": \"CVE-2019-14873\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"newlib\",\n            \"target\": \"CVE-2019-14874\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"newlib\",\n            \"target\": \"CVE-2019-14875\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"newlib\",\n            \"target\": \"CVE-2019-14877\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"newlib\",\n            \"target\": \"CVE-2019-14878\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"newlib\",\n            \"target\": \"CVE-2021-3420\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"newlib\",\n            \"target\": \"CVE-2024-30949\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"lwip\",\n            \"target\": \"CVE-2020-22283\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-0210\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-1863\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-4142\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-4144\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-5314\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-5315\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-8041\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2018-14526\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2017-13087\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2015-8036\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2017-13078\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2017-18187\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2017-13080\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2021-27803\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2017-13084\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.8\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2019-9494\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2018-19608\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2017-14032\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2016-4476\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2017-13077\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.8\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2017-13081\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2017-13082\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2017-13086\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.8\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2017-13088\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2019-11555\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2019-9495\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2019-9497\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2019-9498\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2019-9499\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2021-30004\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2022-23303\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2022-23304\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2015-5291\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2018-0487\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2018-0488\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2018-0497\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2018-0498\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2018-1000520\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2018-9988\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2018-9989\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2019-18222\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-10932\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-36422\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-36423\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-36424\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-36426\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2021-36647\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2021-44732\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2021-45450\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2021-45451\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2022-35409\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2022-46392\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2022-46393\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2023-43615\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2023-52353\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-23170\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-23775\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-28755\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-28960\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.2\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-45157\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.1\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-45158\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-49195\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-27809\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-27810\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-47917\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.9\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-48965\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-49087\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-49601\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-52496\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-52497\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-23744\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-49600\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.9\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-28836\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2021-24119\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.9\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-36475\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-30166\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-36478\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-36477\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2024-45159\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-16150\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2023-45199\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-10941\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-36421\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-54764\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2\n        },\n        {\n            \"source\": \"cortex-r\",\n            \"target\": \"CVE-2018-3693\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-36476\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2019-12586\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2017-2784\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2021-43666\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2025-59438\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2018-18558\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.4\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2017-13079\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2020-36425\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2022-24893\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2023-52160\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2021-28139\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"esp-idf\",\n            \"target\": \"CVE-2024-28183\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2015-4143\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2019-9496\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5\n        },\n        {\n            \"source\": \"wpa_supplicant\",\n            \"target\": \"CVE-2024-5290\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8\n        },\n        {\n            \"source\": \"mbedtls\",\n            \"target\": \"CVE-2019-16910\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3\n        }\n    ]\n}"}],"_postman_id":"d13b201b-2324-4f9a-b171-8ac9c4d5a92f"},{"name":"Simply Connect Cves","id":"571536e4-dbea-4c84-966a-3c8e0642a66a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/cves","urlObject":{"port":"2999","path":["hbom","simply","seclabui","cves"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[{"id":"cbc41fa7-e6d1-46b8-96ba-ea5c37c4a245","name":"Simply Connect Cves","originalRequest":{"method":"GET","header":[],"url":"{{sl-host}}:2999/hbom/simply/seclabui/cves"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"1230283"},{"key":"ETag","value":"W/\"12c5cb-TJ7+zxXPYjVEGOW4YKBqFkdBUuc\""},{"key":"Date","value":"Wed, 07 Jan 2026 10:18:06 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"id\": \"7\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-13595\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-13595\\\",\\n \\\"title\\\": \\\"Espressif ESP32 BLE Controller Assertion Failure DoS\\\",\\n \\\"short_description\\\": \\\"The Bluetooth Low Energy (BLE) controller in Espressif ESP-IDF 4.0–4.2 for ESP32 devices returns an incorrect number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion, which disables the target's BLE stack, by sending a crafted sequence of BLE packets.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows a nearby attacker to perform a reliable, silent denial-of-service against the BLE stack on ESP32 devices without authentication or user interaction. It affects a widely deployed IoT microcontroller platform and can disrupt BLE-dependent functionality (e.g., sensors, beacons, smart-home devices). While impact is limited to availability (no code execution or data theft), the low attack complexity and proximity-based vector make it relevant for exposed or safety-related BLE deployments.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-617: Reachable Assertion\\\"],\\n \\\"weakness_summary\\\": \\\"A reachable assertion in the BLE controller logic is triggered by crafted packets with MIC failures, causing the BLE stack to halt. The controller incorrectly reports the number of completed BLE packets, leading to an inconsistent state that the host stack cannot handle.\\\",\\n \\\"attack_surface\\\": \\\"Bluetooth Low Energy radio interface; attacker must be within BLE radio range (typically up to ~100 meters). No pairing, authentication, or user interaction required.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires proximity and a crafted BLE packet sequence with MIC failures. No authentication or user interaction is needed, and attack complexity is low. Public research (Sweyntooth) documents related BLE flaws, but no explicit in-the-wild exploitation or PoC for this specific CVE is stated in the input.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"No explicit in-the-wild exploitation or PoC references in input\\\",\\n \\\"CVSS 3.1 metrics indicate low complexity and no privileges required\\\",\\n \\\"Part of Sweyntooth research disclosures suggesting broader BLE implementation issues\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Bluetooth radio proximity)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS with no code execution or data compromise. Exploitation requires physical proximity and only affects BLE availability. Prioritize patching for exposed, BLE-critical devices during regular maintenance windows.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general deployments; 30 days for safety-critical or highly exposed BLE-dependent systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact only (High); no confidentiality or integrity impact. The BLE stack becomes unavailable until device reset or firmware reload.\\\",\\n \\\"technical_impact_details\\\": \\\"Triggering the assertion disables the BLE controller and host stack, disrupting all BLE communications. Affected devices may require manual intervention (e.g., reboot, firmware reflash) to restore BLE functionality.\\\",\\n \\\"blast_radius\\\": \\\"Limited to ESP32 devices running ESP-IDF 4.0–4.2 with BLE enabled and within radio range of an attacker. IoT deployments in public or semi-public areas are at higher risk.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"DoS impact is localized to BLE functionality and requires proximity. No data breach or persistent compromise. Risk is moderate for BLE-dependent operations (e.g., sensor networks, beacons) but low for overall business continuity.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\", \\\"Espressif ESP32\\\"],\\n \\\"affected_versions\\\": \\\"ESP-IDF 4.0 through 4.2\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires BLE to be enabled on the ESP32 device; no specific configuration beyond default BLE stack initialization.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices physically exposed in public or untrusted locations (e.g., smart sensors, beacons) are at higher risk due to proximity requirements.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Proximity-Based BLE DoS\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt BLE functionality on target ESP32 device\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker positions within BLE radio range of target device\\\",\\n \\\"Attacker crafts and transmits BLE packets with MIC failures in a specific sequence\\\",\\n \\\"Target device's BLE controller triggers assertion and disables BLE stack\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Publicly accessible IoT devices (sensors, beacons, smart-home gadgets) relying on BLE for communication\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Targeted BLE Service Disruption\\\",\\n \\\"attacker_goal\\\": \\\"Degrade or disable BLE-dependent services (e.g., environmental monitoring, asset tracking)\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker identifies BLE-enabled ESP32 devices in a facility via scanning\\\",\\n \\\"Attacker sends crafted BLE packets to trigger assertion on multiple devices\\\",\\n \\\"BLE services become unavailable, requiring manual reset or patching\\\"\\n ],\\n \\\"likely_targets\\\": \\\"BLE-based sensor networks, beacons, or control systems in industrial or commercial settings\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Update ESP-IDF to a version beyond 4.2 (if available) to resolve the assertion flaw.\\\",\\n \\\"Implement physical security controls to limit unauthorized BLE proximity access to critical devices.\\\",\\n \\\"Deploy monitoring to detect repeated BLE stack failures or unexpected resets on ESP32 devices.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable BLE if not required; implement watchdog timers to auto-restart devices on BLE stack failure; restrict physical access to devices.\\\",\\n \\\"patching_notes\\\": \\\"Check Espressif advisories for fixed ESP-IDF versions. Test patches in non-production environments to ensure BLE functionality remains stable.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify ESP-IDF version on deployed ESP32 devices matches or exceeds the patched version.\\\",\\n \\\"Confirm BLE stack remains operational after exposure to normal BLE traffic and stress tests.\\\",\\n \\\"Monitor device logs for assertion failures or BLE stack crashes post-patch.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup firmware images for rollback if patching introduces instability. Ensure BLE-dependent services can tolerate temporary outages during rollback.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor ESP32 device logs for BLE stack assertion failures or unexpected resets\\\",\\n \\\"Use BLE sniffers to detect anomalous packet sequences with MIC failures in proximity\\\",\\n \\\"Deploy EDR or IoT monitoring tools to track BLE stack state changes on ESP32 devices\\\",\\n \\\"Hunt for repeated BLE disconnections or service unavailability across device fleets\\\",\\n \\\"Correlate physical access logs with BLE stack failures to identify potential proximity-based attacks\\\",\\n \\\"Alert on devices requiring manual reset after BLE stack crashes\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00237\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects Espressif ESP32 hardware and ESP-IDF firmware; relevant for IoT device manufacturers and integrators using these components.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Explicit PoC or in-the-wild exploitation evidence\\\", \\\"Detailed vendor advisory link\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd reports 0.2400 while cves_epss reports 0.00237; using cves_epss as authoritative source\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'reachable assertion' implies DoS without code execution based on CWE-617 and description\\\", \\\"Inferred exploitability from CVSS metrics due to lack of explicit PoC\\\"],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability details are clear, but missing fixed versions and explicit exploitation evidence limit actionable guidance.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://asset-group.github.io/cves.html\\\",\\n \\\"https://asset-group.github.io/disclosures/sweyntooth/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"15\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-33454\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-33454\\\",\\n \\\"title\\\": \\\"Espressif ESP-IDF v5.1 Bluetooth Stack Buffer Overflow\\\",\\n \\\"short_description\\\": \\\"A buffer overflow in the Bluetooth stack component of Espressif ESP-IDF v5.1 allows a remote attacker to execute arbitrary code by sending a crafted script.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables remote code execution on affected ESP32-based IoT/embedded devices without user interaction, potentially leading to device takeover, data exfiltration, or lateral movement within Bluetooth-enabled networks. The affected component (Bluetooth stack) is core to device connectivity and often exposed to untrusted inputs.\\\",\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-120\\\"],\\n \\\"weakness_summary\\\": \\\"Classic buffer overflow in the Bluetooth stack when processing a crafted script; lacks proper bounds checking on input.\\\",\\n \\\"attack_surface\\\": \\\"Bluetooth interface (L2CAP/RFCOMM or similar protocol handlers) exposed to nearby or paired devices.\\\"\\n },\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Remote code execution is feasible over the network with low attack complexity, but requires high privileges (likely device pairing/authentication). No public evidence of in-the-wild exploitation.\\\",\\n \\\"evidence_signals\\\": [\\\"No CISA KEV entry present in input data\\\", \\\"No vendor advisory or exploit code referenced in input data\\\", \\\"EPSS score suggests low near-term exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Bluetooth radio proximity) or Network (if Bluetooth stack exposes network-accessible services)\\\",\\n \\\"authentication_required\\\": \\\"High privileges implied by PR:H in CVSS vector\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"High\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 6.5 (MEDIUM) with High privileges required limits immediate risk, but RCE impact warrants patching in next maintenance cycle. Prioritize devices with Bluetooth exposed to untrusted environments.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 90 days; apply compensating controls (network segmentation, disable unnecessary Bluetooth profiles) within 14 days.\\\"\\n },\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality and integrity impact (code execution), no availability impact per CVSS.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation grants arbitrary code execution in the context of the Bluetooth stack process, potentially leading to full device compromise, credential theft, or firmware modification.\\\",\\n \\\"blast_radius\\\": \\\"Limited to ESP32 devices running ESP-IDF v5.1 with Bluetooth enabled and exposed to attackers within radio range or network-accessible Bluetooth services.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to RCE potential, but mitigated by high privilege requirement and lack of known exploitation. IoT devices in critical infrastructure or handling sensitive data elevate risk.\\\"\\n },\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\"],\\n \\\"affected_versions\\\": \\\"v5.1\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Bluetooth stack must be enabled and actively listening for connections.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices with Bluetooth exposed to public or semi-trusted networks (e.g., public-facing IoT sensors) are at higher risk.\\\"\\n },\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Bluetooth-based RCE on IoT sensor\\\",\\n \\\"attacker_goal\\\": \\\"Compromise an exposed ESP32-based environmental sensor to exfiltrate data or pivot into the local network.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker within Bluetooth range identifies target device with ESP-IDF v5.1\\\", \\\"Crafts malicious script exploiting buffer overflow in Bluetooth stack\\\", \\\"Sends crafted payload to execute arbitrary code on device\\\"],\\n \\\"likely_targets\\\": \\\"IoT sensors, smart home devices, industrial controllers with Bluetooth enabled.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Privilege escalation via paired device compromise\\\",\\n \\\"attacker_goal\\\": \\\"Gain control of a paired Bluetooth device to inject malicious firmware or steal credentials.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker compromises a paired device (e.g., smartphone) with lower privileges\\\", \\\"Exploits buffer overflow to escalate privileges on ESP32 target\\\", \\\"Modifies device firmware or extracts sensitive data\\\"],\\n \\\"likely_targets\\\": \\\"Wearables, medical devices, or industrial IoT with persistent Bluetooth pairings.\\\"\\n }\\n ],\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Compensating Controls\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided patches for ESP-IDF v5.1 immediately upon release.\\\",\\n \\\"Disable unnecessary Bluetooth profiles and enforce secure pairing (e.g., SSP, MITM protection) to reduce attack surface.\\\",\\n \\\"Implement network segmentation to isolate ESP32 devices from critical infrastructure and monitor Bluetooth traffic for anomalies.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Restrict Bluetooth visibility (non-discoverable mode), limit pairing to trusted devices, and disable unused GATT services.\\\",\\n \\\"patching_notes\\\": \\\"Monitor Espressif security advisories for fixed ESP-IDF versions. Test patches in non-production environments before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all ESP32-based devices and verify ESP-IDF version 5.1 is in use.\\\",\\n \\\"Confirm Bluetooth stack is enabled and identify exposure to untrusted networks.\\\",\\n \\\"After patching, validate buffer overflow is mitigated by testing with benign payloads and monitoring for crashes.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of device firmware before patching; ensure rollback procedures are tested to avoid service disruption.\\\"\\n },\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor Bluetooth stack logs for unexpected disconnections, crashes, or malformed packet errors indicative of exploitation attempts.\\\",\\n \\\"Deploy IDS/IPS rules to detect crafted Bluetooth packets targeting ESP-IDF v5.1 (e.g., oversized L2CAP payloads).\\\",\\n \\\"Use EDR or device monitoring tools to flag unusual process execution or network connections originating from Bluetooth stack.\\\",\\n \\\"Hunt for anomalous Bluetooth pairing requests or connections from untrusted devices in proximity to critical assets.\\\",\\n \\\"Correlate device telemetry (e.g., heap corruption, stack smashing) with known buffer overflow patterns.\\\",\\n \\\"Review firmware integrity checks to detect unauthorized modifications post-exploitation.\\\"\\n ],\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01265 (percentile: 0.78820)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects ESP-IDF framework used in many IoT products; compromise could propagate to downstream devices.\\\"\\n },\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Vendor advisory link\\\", \\\"Detailed technical analysis of the overflow mechanism\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS vector implies PR:H but description does not clarify privilege context\\\", \\\"EPSS scores differ between sources (1.26% vs 0.01265)\\\"],\\n \\\"assumptions_made\\\": [\\\"High privileges likely refer to Bluetooth pairing/authentication\\\", \\\"Attack vector is adjacent network (Bluetooth) despite AV:N in CVSS\\\"],\\n \\\"confidence\\\": \\\"Medium - Core details are present, but lack of vendor advisory and fixed version limits actionable guidance.\\\"\\n },\\n \\\"references\\\": [\\n \\\"https://gist.github.com/Zakary-D/30f565c4266c02c62aa9089c363e78e9\\\"\\n ],\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"38\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-4146\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-4146\\\",\\n \\\"title\\\": \\\"EAP-pwd peer DoS due to uninitialized flags in hostapd and wpa_supplicant\\\",\\n \\\"short_description\\\": \\\"The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 fails to clear L (Length) and M (More) flags before fragmentation decisions, allowing remote attackers to trigger a crash via a crafted message.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables remote, unauthenticated attackers to cause a denial of service (crash) in WPA2-Enterprise EAP-pwd deployments. It affects both client (wpa_supplicant) and access point (hostapd) implementations, potentially disrupting wireless authentication and network availability without requiring credentials or user interaction.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.0\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Improper handling of protocol flags in EAP-pwd fragmentation logic leads to incorrect state transitions and service crash.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible EAP-pwd peer implementations during WLAN authentication handshake.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Remote attackers can trigger a DoS by sending a crafted EAP-pwd message with manipulated flags during authentication.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score indicates low real-world exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent network (wireless)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (crafted packet injection)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS with no authentication required but limited to adjacent network access and no evidence of active exploitation. Prioritize patching during standard maintenance windows for affected wireless infrastructure.\\\",\\n \\\"recommended_sla\\\": \\\"90 days\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability (High), Integrity (None), Confidentiality (None)\\\",\\n \\\"technical_impact_details\\\": \\\"Service crash in EAP-pwd authentication components disrupts wireless connectivity for affected peers or access points. May require manual restart of wpa_supplicant/hostapd processes.\\\",\\n \\\"blast_radius\\\": \\\"Medium - affects all EAP-pwd enabled wireless clients and infrastructure within broadcast range\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"DoS impact limited to wireless authentication service without data compromise. Risk mitigated by alternative authentication methods and typical wireless network redundancy. Low exploitation likelihood reduces urgency.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi wpa_supplicant\\\", \\\"w1.fi hostapd\\\"],\\n \\\"affected_versions\\\": \\\"1.0 through 2.4\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires EAP-pwd authentication method enabled in wpa_supplicant or hostapd configuration\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low - requires adjacent wireless network access, not directly internet-exposed\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Wireless DoS against Enterprise WLAN\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt wireless authentication service\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker connects to target wireless network\\\", \\\"Attacker crafts EAP-pwd message with manipulated L/M flags\\\", \\\"Attacker sends crafted packet to target peer or AP during authentication\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise WLAN infrastructure using EAP-pwd authentication\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Targeted Client Disconnection\\\",\\n \\\"attacker_goal\\\": \\\"Force specific wireless clients to disconnect\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target client MAC address\\\", \\\"Attacker spoofs AP identity to initiate EAP-pwd exchange\\\", \\\"Attacker injects malicious EAP-pwd packet with crafted flags\\\"],\\n \\\"likely_targets\\\": \\\"Individual wireless clients configured with EAP-pwd authentication\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor patches for hostapd and wpa_supplicant versions 1.0-2.4 to address EAP-pwd flag handling.\\\",\\n \\\"Disable EAP-pwd authentication method if not required, using alternative EAP methods (EAP-TLS, PEAP, EAP-TTLS).\\\",\\n \\\"Implement wireless intrusion prevention (WIPS) to detect and block crafted EAP-pwd packets.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable EAP-pwd authentication method in wireless configuration\\\",\\n \\\"patching_notes\\\": \\\"Patch available at w1.fi security advisory 2015-4. Verify compatibility with existing wireless infrastructure before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify wpa_supplicant/hostapd version is updated beyond 2.4 or patched with security fix.\\\",\\n \\\"Confirm EAP-pwd configuration status in wpa_supplicant.conf or hostapd configuration files.\\\",\\n \\\"Test wireless authentication functionality post-patch to ensure service availability.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous wpa_supplicant/hostapd binaries and configuration files before patching. Test rollback procedure in non-production environment.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor wpa_supplicant and hostapd process crashes in system logs (syslog, journalctl) for abnormal termination patterns.\\\",\\n \\\"Deploy wireless packet capture to detect malformed EAP-pwd packets with unusual flag combinations.\\\",\\n \\\"Correlate authentication failures with wireless association events to identify targeted DoS attempts.\\\",\\n \\\"Monitor for repeated EAP-pwd authentication attempts from single MAC addresses within short time windows.\\\",\\n \\\"Implement EAP-pwd message validation in WIPS/IDS to flag packets with invalid flag combinations.\\\",\\n \\\"Track hostapd/wpa_supplicant memory dumps and core files as indicators of exploitation attempts.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01312 (1.31%)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Low - affects specific wireless authentication components, not broad software supply chain\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identifiers\\\", \\\"CVSS 3.x/4.0 scores\\\", \\\"Vendor patch availability details\\\", \\\"Fixed version information\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS 2.0 base score discrepancy: cves_euvd reports 5.0 while cves reports 0.0\\\"],\\n \\\"assumptions_made\\\": [\\\"EPSS score interpretation based on percentile ranking\\\", \\\"Adjacent network access requirement inferred from wireless protocol context\\\"],\\n \\\"confidence\\\": \\\"Medium - core vulnerability details confirmed but missing modern CVSS scoring and exploit status verification\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\\\",\\n \\\"http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"22\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-14876\",\n            \"component_name\": \"newlib\",\n            \"component_version\": \"4.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/newlib@4.1.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-14876\\\",\\n \\\"title\\\": \\\"newlib libc __lshift null pointer dereference\\\",\\n \\\"short_description\\\": \\\"In the __lshift function of the newlib libc library, all versions prior to 3.3.0, Balloc is used to allocate a big integer without checking if the allocation succeeded. Access to b1 triggers a null pointer dereference when memory allocation fails.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an authenticated attacker to cause denial of service by triggering a null pointer dereference when the system is under memory pressure. While it does not directly enable code execution or data theft, it can crash applications or entire systems relying on newlib, particularly impactful in embedded/IoT contexts where newlib is widely used.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"Null pointer dereference due to missing allocation failure check in Balloc call within __lshift function.\\\",\\n \\\"attack_surface\\\": \\\"Applications using newlib's big integer arithmetic functions, particularly those processing untrusted input under low-memory conditions.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires authenticated access and ability to trigger memory allocation failure, typically through resource exhaustion or crafted input.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score suggests low real-world exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes (network-based attack vector per CVSS)\\\",\\n \\\"authentication_required\\\": \\\"Yes (PR:L)\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability requiring authenticated access. While availability impact is high, exploitation requires specific memory pressure conditions. Schedule patching during regular maintenance cycles unless systems are memory-constrained or mission-critical.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general systems; 30 days for memory-constrained or high-availability environments\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (complete application/system crash)\\\",\\n \\\"technical_impact_details\\\": \\\"Null pointer dereference causes application termination or system crash when Balloc fails to allocate memory for big integer operations in __lshift function.\\\",\\n \\\"blast_radius\\\": \\\"Limited to applications using newlib's big integer functions; broader impact in embedded systems where newlib is the primary C library.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to DoS potential, but requires authenticated access and memory pressure conditions. Higher risk for embedded/IoT devices with limited memory resources and long update cycles.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"newlib\\\"],\\n \\\"affected_versions\\\": \\\"All versions prior to 3.3.0\\\",\\n \\\"fixed_versions\\\": \\\"3.3.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires applications that call __lshift function or dependent big integer operations\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Relevant for internet-facing systems using newlib, particularly embedded devices and IoT endpoints\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Memory exhaustion DoS attack\\\",\\n \\\"attacker_goal\\\": \\\"Cause application or system crash\\\",\\n \\\"steps_high_level\\\": [\\\"Authenticate to target system with low privileges\\\", \\\"Trigger operations that call __lshift function with large integer inputs\\\", \\\"Exhaust available memory through parallel requests or memory leaks to cause Balloc failure\\\"],\\n \\\"likely_targets\\\": \\\"Embedded systems, IoT devices, and applications using newlib with limited memory resources\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Resource starvation exploitation\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt service availability\\\",\\n \\\"steps_high_level\\\": [\\\"Identify systems using newlib versions < 3.3.0\\\", \\\"Craft input that requires large big integer operations\\\", \\\"Coordinate multiple requests to create memory pressure and trigger allocation failures\\\"],\\n \\\"likely_targets\\\": \\\"Network-connected embedded devices, real-time systems, and industrial control systems\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade newlib to version 3.3.0 or later to address the null pointer dereference vulnerability.\\\",\\n \\\"Implement memory monitoring and limits to detect and prevent memory exhaustion conditions that could trigger the vulnerability.\\\",\\n \\\"Apply input validation and size limits on operations that use big integer arithmetic functions to reduce attack surface.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Implement memory pressure monitoring and restart mechanisms; limit authenticated user access to reduce attack surface\\\",\\n \\\"patching_notes\\\": \\\"Version 3.3.0 includes proper null check after Balloc allocation. Test compatibility with existing applications before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify newlib version is 3.3.0 or later using version checking mechanisms or library inspection tools.\\\",\\n \\\"Test big integer operations under memory-constrained conditions to confirm stability.\\\",\\n \\\"Monitor system logs for null pointer dereference errors or application crashes related to memory allocation failures.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous newlib version and application binaries; ensure system restore procedures are tested before patching\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor application logs for segmentation faults or null pointer exceptions in processes using newlib\\\",\\n \\\"Implement memory usage monitoring to detect unusual allocation patterns or memory exhaustion events\\\",\\n \\\"Use system monitoring tools to track processes crashing with signal 11 (SIGSEGV) related to newlib functions\\\",\\n \\\"Hunt for repeated authentication attempts followed by resource-intensive operations that could trigger memory pressure\\\",\\n \\\"Deploy network monitoring to identify coordinated attacks targeting embedded devices using newlib\\\",\\n \\\"Correlate system crashes with memory pressure indicators and user activity logs\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00309\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High relevance for embedded systems and IoT devices where newlib is commonly used as the C standard library\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor advisory details\\\", \\\"Specific affected product versions beyond 'prior to 3.3.0'\\\", \\\"Detailed exploitability conditions\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS version conflict: 3.1 in cves data vs 3.0 in cves_euvd\\\", \\\"EPSS score discrepancy: 0.3100 in cves_euvd vs 0.00309 in cves_epss\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed network-based attack vector interpretation from CVSS AV:N\\\", \\\"Inferred embedded/IoT relevance from newlib's typical deployment contexts\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but conflicting CVSS/EPSS data and limited vendor information reduce confidence in exploitation likelihood assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"30\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2014-3686\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2014-3686\\\",\\n \\\"title\\\": \\\"wpa_supplicant and hostapd Command Injection via Crafted Frame\\\",\\n \\\"short_description\\\": \\\"wpa_supplicant and hostapd 0.7.2 through 2.2, when configured with action scripts for wpa_cli or hostapd_cli, allow remote attackers to execute arbitrary commands via a crafted frame.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables remote command injection in core Wi‑Fi authentication components used across Linux distributions and embedded systems. Successful exploitation grants attackers the ability to execute arbitrary commands with the privileges of the wpa_supplicant/hostapd process, potentially leading to full system compromise, network eavesdropping, or lateral movement. The requirement for action scripts makes exploitation conditional, but misconfigurations or default deployments increase risk significantly.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"6.8\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-78\\\"],\\n \\\"weakness_summary\\\": \\\"OS Command Injection in action script handling when processing crafted frames.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible wpa_supplicant/hostapd daemons with wpa_cli/hostapd_cli action scripts enabled.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires a crafted frame sent to a vulnerable wpa_supplicant or hostapd instance configured with action scripts. No authentication is needed if the daemon is network-accessible, but the configuration dependency limits exposure.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit in-the-wild exploitation or public PoC mentioned in input data.\\\", \\\"EPSS score 0.04674 (4.674%) indicates low current exploitation likelihood.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Medium (requires crafted frame and action script configuration)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Command injection with remote vector warrants patching, but exploitation requires specific action script configuration, reducing immediate risk. No evidence of active exploitation; EPSS suggests low current threat. Prioritize patching during next maintenance window for affected systems.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 30-60 days; verify configurations and restrict network access immediately.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High (Confidentiality, Integrity, Availability)\\\",\\n \\\"technical_impact_details\\\": \\\"Remote command execution with daemon privileges (often root). Attackers can read/write arbitrary files, manipulate network configurations, intercept traffic, or pivot to other systems.\\\",\\n \\\"blast_radius\\\": \\\"Moderate: Affects systems running wpa_supplicant/hostapd 0.7.2–2.2 with action scripts enabled. Common in Linux distributions (Ubuntu 10.04/12.04/14.04 LTS, Debian 6.0) and embedded devices.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Risk is elevated by the potential for full system compromise, but mitigated by configuration requirements and lack of widespread exploitation evidence. Internet-exposed systems or critical infrastructure using affected versions face higher risk.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Ubuntu Linux\\\", \\\"Debian Linux\\\"],\\n \\\"affected_versions\\\": \\\"wpa_supplicant and hostapd 0.7.2 through 2.2; Ubuntu 10.04/12.04/14.04 LTS; Debian 6.0.\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires wpa_cli or hostapd_cli with action scripts enabled.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High if daemons are internet-accessible; otherwise internal network exposure applies.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Command Injection via Crafted Frame\\\",\\n \\\"attacker_goal\\\": \\\"Execute arbitrary commands to compromise the host or network.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker sends a specially crafted frame to a vulnerable wpa_supplicant/hostapd instance with action scripts enabled.\\\", \\\"The daemon processes the frame and invokes action scripts with unsanitized input.\\\", \\\"Command injection occurs, executing attacker-controlled commands with daemon privileges (often root).\\\"],\\n \\\"likely_targets\\\": \\\"Linux servers/workstations with Wi‑Fi interfaces, embedded devices (routers, IoT), or network infrastructure using affected versions.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Lateral Movement from Compromised Wi‑Fi Client\\\",\\n \\\"attacker_goal\\\": \\\"Pivot from a compromised Wi‑Fi client to internal network resources.\\\",\\n \\\"steps_high_level\\\": [\\\"Exploit CVE-2014-3686 on a client running vulnerable wpa_supplicant.\\\", \\\"Use command execution to install persistence or extract credentials.\\\", \\\"Leverage compromised client to attack adjacent systems or escalate privileges.\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise workstations or devices with action scripts enabled, especially in environments with weak network segmentation.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Update wpa_supplicant and hostapd to versions beyond 2.2 (check vendor advisories for exact fixed versions).\\\",\\n \\\"Disable action scripts in wpa_cli/hostapd_cli configurations if not required, or restrict script permissions to read-only.\\\",\\n \\\"Implement network segmentation and firewall rules to prevent unauthorized access to wpa_supplicant/hostapd daemons (e.g., block unnecessary ports, use VLANs).\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable action scripts or restrict their execution permissions; limit network exposure of affected daemons.\\\",\\n \\\"patching_notes\\\": \\\"Verify patches with regression testing for Wi‑Fi functionality; prioritize systems with action scripts enabled or internet exposure.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Check installed versions of wpa_supplicant and hostapd against affected ranges (0.7.2–2.2).\\\",\\n \\\"Review configuration files for action script usage (e.g., wpa_cli action scripts).\\\",\\n \\\"Test Wi‑Fi connectivity post-patch to ensure no service disruption.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of configuration files and pre-patch binaries; rollback plan should include restoring configurations and verifying network functionality.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor process execution logs for unexpected commands spawned by wpa_supplicant or hostapd processes.\\\",\\n \\\"Use EDR/SIEM rules to detect network connections to wpa_supplicant/hostapd ports from untrusted sources.\\\",\\n \\\"Hunt for anomalous script executions in action script directories (e.g., /etc/wpa_supplicant/scripts).\\\",\\n \\\"Analyze network captures for crafted frames targeting Wi‑Fi authentication protocols (e.g., EAPOL).\\\",\\n \\\"Review system logs for privilege escalation attempts following wpa_supplicant/hostapd activity.\\\",\\n \\\"Scan for vulnerable versions using asset inventory tools or vulnerability scanners (e.g., OpenVAS, Nessus).\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.04674 (4.674%)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Moderate: Affects common Linux distributions and embedded devices; potential for broad supply chain impact if unpatched.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CVSS vector string\\\", \\\"Exact fixed versions\\\", \\\"Vendor patch links\\\", \\\"CISA KEV status\\\", \\\"Public exploit availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS base score discrepancy: cves_euvd reports 6.8 (v2.0), while cves reports 0.0; using 6.8 as authoritative.\\\", \\\"EPSS values differ between sources (4.5100 vs 0.04674); using 0.04674 from cves_epss as latest.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'crafted frame' refers to network-sent data triggering command injection.\\\", \\\"Inferred CWE-78 (OS Command Injection) based on description.\\\", \\\"Treated cves_euvd CVSS 6.8 as authoritative over cves 0.0.\\\"],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability details are clear, but missing fixed versions and exploit evidence limit precision.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://advisories.mageia.org/MGASA-2014-0429.html\\\",\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00000.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"6\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-13594\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-13594\\\",\\n \\\"title\\\": \\\"Espressif ESP32 BLE Controller DoS via Crafted Connection Request\\\",\\n \\\"short_description\\\": \\\"The Bluetooth Low Energy (BLE) controller in Espressif ESP-IDF 4.2 and earlier does not properly restrict the channel map field of the connection request packet, allowing attackers within radio range to cause a denial of service (crash) via a crafted packet.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers within radio range to crash ESP32 devices by sending a malicious BLE connection request, leading to service disruption. It affects a wide range of IoT devices using ESP-IDF 4.2 and earlier, potentially impacting availability of connected systems without requiring authentication or user interaction.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Improper input validation of BLE connection request packet channel map field allows crafted packets to trigger device crashes\\\",\\n \\\"attack_surface\\\": \\\"Bluetooth Low Energy radio interface within physical proximity\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Attackers within radio range can send crafted BLE connection request packets to cause denial of service without authentication\\\",\\n \\\"evidence_signals\\\": [\\\"Public disclosure through Sweyntooth research project\\\", \\\"No explicit evidence of in-the-wild exploitation in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent network (Bluetooth radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability requiring physical proximity with moderate impact on availability. No evidence of active exploitation but affects critical IoT infrastructure components.\\\",\\n \\\"recommended_sla\\\": \\\"30-60 days for internet-exposed devices; 90 days for internal network devices\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact (High) with no confidentiality or integrity compromise\\\",\\n \\\"technical_impact_details\\\": \\\"Device crash/reboot causing service disruption until manual or automatic recovery. No code execution or data exfiltration capability.\\\",\\n \\\"blast_radius\\\": \\\"Limited to ESP32 devices within Bluetooth radio range (~100m). Higher impact in dense IoT deployments or critical infrastructure monitoring systems.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to availability impact on IoT devices. Risk increases with deployment density, criticality of monitored systems, and difficulty of physical access for recovery. Lower risk if devices support automatic restart.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\", \\\"Espressif ESP32\\\"],\\n \\\"affected_versions\\\": \\\"ESP-IDF 4.2 and earlier\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires BLE functionality to be enabled on ESP32 devices\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices with BLE enabled and within physical proximity are vulnerable regardless of internet connectivity status\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Physical Proximity DoS Attack\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt IoT device operation through wireless denial of service\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within Bluetooth range of target ESP32 device\\\", \\\"Craft malicious BLE connection request with invalid channel map field\\\", \\\"Send crafted packet to trigger device crash and service disruption\\\"],\\n \\\"likely_targets\\\": \\\"ESP32-based IoT devices in publicly accessible areas, industrial sensors, smart building controllers\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Coordinated Infrastructure Disruption\\\",\\n \\\"attacker_goal\\\": \\\"Disable multiple IoT sensors to disrupt monitoring or control systems\\\",\\n \\\"steps_high_level\\\": [\\\"Identify multiple ESP32 devices in target facility using BLE scanning\\\", \\\"Deploy automated tool to send crafted connection requests to all discovered devices\\\", \\\"Cause cascading failures across IoT infrastructure requiring manual intervention\\\"],\\n \\\"likely_targets\\\": \\\"Building automation systems, environmental monitoring networks, industrial IoT deployments\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch management and network segmentation\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade ESP-IDF to version 4.3 or later to implement proper channel map validation\\\", \\\"Implement physical security controls to limit unauthorized access to Bluetooth radio proximity\\\", \\\"Deploy network monitoring to detect unusual BLE connection patterns and potential attack attempts\\\"],\\n \\\"workarounds\\\": \\\"Disable BLE functionality if not required for device operation; implement watchdog timers for automatic recovery\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with existing IoT device firmware and test in staging environment before production deployment\\\",\\n \\\"verification_steps\\\": [\\\"Confirm ESP-IDF version 4.3+ is installed on all ESP32 devices\\\", \\\"Test BLE functionality post-update to ensure normal operation\\\", \\\"Monitor device stability and crash logs for residual issues\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous firmware version; ensure rollback process doesn't require BLE connectivity if devices become unreachable\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor ESP32 device logs for unexpected crashes or watchdog resets\\\",\\n \\\"Deploy BLE monitoring tools to detect unusual connection request patterns\\\",\\n \\\"Implement device availability monitoring to identify service disruptions\\\",\\n \\\"Hunt for repeated crash events across multiple ESP32 devices in same timeframe\\\",\\n \\\"Monitor for unauthorized BLE scanning activity in facility perimeter\\\",\\n \\\"Track device recovery patterns to identify potential coordinated attacks\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Sweyntooth research project disclosure\\\",\\n \\\"epss\\\": \\\"0.00152\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects ESP32 chips used in various IoT products; impacts multiple vendors using Espressif components\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identifier\\\", \\\"Fixed version information\\\", \\\"Vendor patch availability details\\\", \\\"Explicit exploit code availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: 0.1500 vs 0.00152 - using 0.00152 as it's from dedicated EPSS source\\\", \\\"Limited detail on specific affected device models beyond ESP32\\\"],\\n \\\"assumptions_made\\\": [\\\"Devices support automatic recovery or manual reset capability\\\", \\\"BLE functionality is required for device operation in most deployments\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear but missing specific patch information and real-world exploitation evidence\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://asset-group.github.io/cves.html\\\",\\n \\\"https://asset-group.github.io/disclosures/sweyntooth/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"3\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-12587\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-12587\\\",\\n \\\"title\\\": \\\"Espressif ESP-IDF and ESP8266_NONOS_SDK Zero PMK Installation Vulnerability\\\",\\n \\\"short_description\\\": \\\"The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows installation of a zero Pairwise Master Key (PMK) after EAP authentication, enabling attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability fundamentally breaks WPA2-Enterprise authentication security by allowing an attacker to derive a zero PMK, effectively bypassing cryptographic protections. Attackers within radio range can establish rogue access points to intercept, decrypt, and manipulate network traffic from affected IoT devices. The impact extends to credential theft, data exfiltration, and unauthorized network access, particularly critical in industrial IoT, smart home, and embedded device deployments where these chipsets are widely used.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"8.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-287: Improper Authentication\\\"],\\n \\\"weakness_summary\\\": \\\"The EAP peer implementation fails to properly validate the Pairwise Master Key (PMK) during authentication, accepting a zero-value key. This breaks the 4-way handshake cryptographic foundation in WPA2-Enterprise, allowing session key derivation without legitimate credentials.\\\",\\n \\\"attack_surface\\\": \\\"Wireless attack surface requiring proximity (adjacent network). Exploitation occurs during EAP authentication handshake with rogue access points. Affects any network configuration using EAP authentication methods with vulnerable firmware.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"Public proof-of-concept code demonstrates rogue AP attacks against vulnerable devices. Attackers can force zero PMK installation through crafted EAP exchanges, then decrypt traffic or inject malicious frames.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"GitHub repository 'Matheus-Garbelini/esp32_esp8266_attacks' provides exploit demonstration\\\",\\n \\\"CVSS 3.0 metrics indicate low attack complexity with no authentication required\\\",\\n \\\"Adjacent network vector suggests practical exploitation in environments with wireless proximity\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (wireless radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Public PoC exists with HIGH CVSS score (8.1) and low attack complexity. Vulnerability affects critical authentication mechanism in widely deployed IoT platforms. Requires immediate inventory assessment of Espressif-based devices and evaluation of wireless security controls.\\\",\\n \\\"recommended_sla\\\": \\\"Initial inventory and risk assessment within 48 hours; mitigation planning within 1 week\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality and integrity impact with no availability impact. Successful exploitation enables complete bypass of WPA2-Enterprise authentication, leading to unauthorized data access and potential credential compromise.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can: (1) Decrypt all wireless traffic from affected devices, (2) Inject malicious packets into network communications, (3) Replay authenticated sessions, (4) Potentially extract sensitive credentials transmitted over wireless. The zero PMK vulnerability breaks the fundamental cryptographic guarantee that only authenticated parties can derive session keys.\\\",\\n \\\"blast_radius\\\": \\\"All Espressif ESP-IDF 2.0.0-4.0.0 and ESP8266_NONOS_SDK 2.2.0-3.1.0 devices using EAP authentication methods in wireless range of potential attackers. This includes consumer IoT devices, industrial sensors, smart home equipment, and embedded systems.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High business risk due to: (1) Widespread deployment of affected chipsets in enterprise IoT ecosystems, (2) Authentication bypass enabling complete security control circumvention, (3) Public exploit availability lowering barrier to entry, (4) Difficulty in detecting rogue AP attacks, (5) Potential regulatory compliance implications for data protection. Risk mitigated somewhat by requirement for physical proximity and the 2019 disclosure date allowing time for patches.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\n \\\"Espressif ESP-IDF\\\",\\n \\\"Espressif ESP8266_NONOS_SDK\\\"\\n ],\\n \\\"affected_versions\\\": \\\"ESP-IDF 2.0.0 through 4.0.0; ESP8266_NONOS_SDK 2.2.0 through 3.1.0\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires devices configured for EAP authentication methods (PEAP, EAP-TLS, EAP-TTLS, etc.). Does not affect devices using only WPA2-Personal (PSK) authentication.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices with internet-facing wireless interfaces or deployed in public/accessible locations face highest risk. Indoor deployments with physical security controls have reduced exposure.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Rogue Access Point EAP Downgrade Attack\\\",\\n \\\"attacker_goal\\\": \\\"Intercept and decrypt sensitive IoT device communications\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker sets up rogue AP with same SSID as legitimate network, configured for EAP authentication\\\",\\n \\\"Vulnerable device attempts authentication and accepts zero PMK installation\\\",\\n \\\"Attacker completes 4-way handshake using zero PMK to derive session keys\\\",\\n \\\"Attacker decrypts all encrypted traffic and injects malicious packets\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Enterprise IoT deployments, smart building sensors, industrial monitoring devices using WPA2-Enterprise\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Credential Harvesting via Traffic Decryption\\\",\\n \\\"attacker_goal\\\": \\\"Steal authentication credentials and sensitive data from IoT devices\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker positions within radio range of target IoT deployment\\\",\\n \\\"Establishes rogue AP exploiting zero PMK vulnerability\\\",\\n \\\"Captures encrypted authentication exchanges and application data\\\",\\n \\\"Uses derived session keys to decrypt credentials and sensitive payloads\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Smart home devices, connected sensors transmitting personal data, industrial control systems\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Firmware Update and Network Segmentation\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Update all affected Espressif devices to patched firmware versions beyond ESP-IDF 4.0.0 and ESP8266_NONOS_SDK 3.1.0, verifying EAP implementation fixes.\\\",\\n \\\"Implement network segmentation to isolate IoT devices from critical infrastructure, using VLANs and firewall rules to limit lateral movement.\\\",\\n \\\"Deploy wireless intrusion detection systems (WIDS) to monitor for rogue access points and anomalous EAP authentication patterns.\\\"\\n ],\\n \\\"workarounds\\\": \\\"If patching is not immediately feasible, consider: (1) Switching to WPA2-Personal (PSK) authentication if EAP is not required, (2) Implementing certificate pinning for EAP-TLS, (3) Using wired connectivity where possible, (4) Restricting physical access to device locations.\\\",\\n \\\"patching_notes\\\": \\\"Contact Espressif or device manufacturers for updated firmware. Verify that patches properly validate PMK during EAP authentication. Test updates in isolated environment before production deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all Espressif-based devices and document firmware versions against affected ranges\\\",\\n \\\"Conduct wireless security assessment to identify rogue AP presence and authentication anomalies\\\",\\n \\\"Test updated firmware in lab environment with EAP authentication to verify PMK validation\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of current firmware before updates. Document configuration changes. Plan rollback procedures if updated firmware causes operational issues. Monitor for authentication failures post-update.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for rogue access points broadcasting enterprise SSIDs using wireless intrusion detection systems\\\",\\n \\\"Alert on EAP authentication failures or anomalies, particularly repeated authentication attempts from same device\\\",\\n \\\"Hunt for wireless clients connecting to APs with identical SSIDs but different BSSIDs\\\",\\n \\\"Analyze 802.11 management frames for beacon flood attacks or EAPOL frame manipulation\\\",\\n \\\"Monitor network logs for devices failing authentication but maintaining encrypted sessions\\\",\\n \\\"Search for unusual wireless traffic patterns indicating potential man-in-the-middle activity\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Public proof-of-concept available; no confirmed in-the-wild exploitation data in input\\\",\\n \\\"public_exploit_references\\\": \\\"https://github.com/Matheus-Garbelini/esp32_esp8266_attacks\\\",\\n \\\"epss\\\": \\\"0.00102 (percentile: 0.28597)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High supply chain relevance as Espressif chipsets are embedded in thousands of IoT products across multiple vendors. Single vulnerability affects entire ecosystem of device manufacturers.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Specific fixed firmware versions\\\",\\n \\\"Vendor patch release dates and availability\\\",\\n \\\"CISA KEV status\\\",\\n \\\"Detailed exploit technical documentation\\\",\\n \\\"Information about affected device manufacturers using these SDKs\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS score discrepancy: EUVD reports 0.1000 while EPSS source reports 0.00102\\\",\\n \\\"Limited detail on which specific EAP methods are affected\\\",\\n \\\"No information on exploit reliability or success rates\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"Assumed EAP authentication is required for exploitation (PSK mode may not be affected)\\\",\\n \\\"Inferred exploitability from public PoC repository without detailed code review\\\",\\n \\\"Assumed physical proximity requirement limits widespread exploitation\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium confidence due to: (1) Clear vulnerability description and CVSS metrics, (2) Public PoC evidence, (3) Missing specific patch details and vendor statements, (4) Limited information on real-world exploitation\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Matheus-Garbelini/esp32_esp8266_attacks\\\",\\n \\\"https://github.com/espressif\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"41\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-5316\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-5316\\\",\\n \\\"title\\\": \\\"wpa_supplicant EAP-pwd NULL Pointer Dereference DoS\\\",\\n \\\"short_description\\\": \\\"wpa_supplicant 2.x before 2.6 contains a NULL pointer dereference in the eap_pwd_perform_confirm_exchange function when EAP-pwd is enabled. A remote attacker can crash the daemon by sending an EAP-pwd Confirm message followed by an Identity exchange.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to cause a persistent denial of service to wireless authentication clients. The daemon crash disrupts network connectivity for affected devices, requiring manual restart. While impact is limited to availability, the attack requires no authentication and can be delivered over network-accessible wireless authentication exchanges.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"NULL Pointer Dereference in EAP-pwd protocol implementation during confirm message processing\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible EAP-pwd authentication exchange; requires EAP-pwd enabled in wpa_supplicant configuration\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Attack requires sending malformed EAP-pwd messages during authentication exchange. High attack complexity due to timing requirements and protocol state manipulation.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation found in input data\\\", \\\"EPSS score indicates low exploitation likelihood (1.52%)\\\", \\\"Vulnerability published 2015 with limited public attention\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - attacker must be able to send packets to wpa_supplicant during EAP authentication\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High - requires precise timing of EAP-pwd Confirm message followed by Identity exchange\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability with high attack complexity. No evidence of active exploitation. Impact limited to availability with manual recovery possible. Priority driven by wireless infrastructure criticality and EAP-pwd deployment scope.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for standard patching cycle; 30 days if EAP-pwd is widely deployed in critical wireless infrastructure\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact only - daemon crash requiring manual restart\\\",\\n \\\"technical_impact_details\\\": \\\"NULL pointer dereference causes wpa_supplicant process termination, disrupting active network connections. No code execution or information disclosure. Service restoration requires process restart or system reboot.\\\",\\n \\\"blast_radius\\\": \\\"Limited to devices running wpa_supplicant 2.x before 2.6 with EAP-pwd enabled in configuration. Affects wireless clients and potentially infrastructure devices using wpa_supplicant.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Limited business risk due to: (1) DoS only - no data compromise, (2) manual recovery possible, (3) high attack complexity reduces likelihood, (4) EAP-pwd is not commonly deployed. Risk increases if wireless infrastructure is mission-critical or EAP-pwd is widely used.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi wpa_supplicant\\\", \\\"Debian Linux 8.0\\\"],\\n \\\"affected_versions\\\": \\\"wpa_supplicant 2.x versions before 2.6\\\",\\n \\\"fixed_versions\\\": \\\"wpa_supplicant 2.6 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"EAP-pwd must be enabled in wpa_supplicant network configuration profile\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Medium - wireless authentication protocols may be accessible from network-adjacent attackers. Internet exposure depends on network architecture and wireless infrastructure placement.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Targeted Wireless DoS Attack\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt wireless connectivity for specific devices using EAP-pwd authentication\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target devices using EAP-pwd authentication\\\", \\\"Attacker sends crafted EAP-pwd Confirm message during authentication exchange\\\", \\\"Attacker follows with Identity exchange to trigger NULL pointer dereference\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise wireless clients, embedded devices using wpa_supplicant with EAP-pwd configuration\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Infrastructure Disruption\\\",\\n \\\"attacker_goal\\\": \\\"Cause service disruption to wireless infrastructure components\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker scans for EAP-pwd enabled services on network\\\", \\\"Attacker crafts malicious EAP-pwd packets targeting wpa_supplicant instances\\\", \\\"Repeated attacks cause persistent service unavailability\\\"],\\n \\\"likely_targets\\\": \\\"Network infrastructure devices, IoT devices, embedded systems using vulnerable wpa_supplicant versions\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade wpa_supplicant to version 2.6 or later on all affected systems\\\", \\\"Audit network configurations to identify systems using EAP-pwd authentication method\\\", \\\"Implement network segmentation to limit exposure of EAP authentication traffic to untrusted networks\\\"],\\n \\\"workarounds\\\": \\\"Disable EAP-pwd in wpa_supplicant configuration if not required for network operation\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with existing wireless infrastructure and authentication systems. Test in non-production environment first.\\\",\\n \\\"verification_steps\\\": [\\\"Check wpa_supplicant version with 'wpa_supplicant -v' command\\\", \\\"Review wpa_supplicant configuration files for EAP-pwd settings\\\", \\\"Monitor system logs for wpa_supplicant crashes or restarts\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of configuration files before patching. Prepare rollback procedure if patch causes compatibility issues with existing wireless infrastructure.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor system logs for wpa_supplicant process crashes or unexpected terminations\\\",\\n \\\"Alert on repeated EAP authentication failures from single sources within short time windows\\\",\\n \\\"Network IDS/IPS rules to detect malformed EAP-pwd protocol messages\\\",\\n \\\"Correlate wireless connectivity issues with EAP authentication events\\\",\\n \\\"Hunt for unusual network patterns during EAP authentication exchanges\\\",\\n \\\"Monitor for wpa_supplicant restart patterns indicating potential exploitation attempts\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"1.52% (EPSS v1) / 1.524% (EPSS v2 percentile 80.691%)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - wpa_supplicant is widely used in Linux distributions and embedded systems. Vulnerability affects specific versions but has limited scope due to EAP-pwd deployment requirements.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor patch release dates\\\", \\\"Complete list of affected operating system distributions\\\", \\\"Information about backporting status in various Linux distributions\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between versions (1.52% vs 1.524%) - likely due to different calculation methodologies\\\"],\\n \\\"assumptions_made\\\": [\\\"EAP-pwd deployment is relatively uncommon in enterprise environments\\\", \\\"Manual recovery from DoS is acceptable business risk for most organizations\\\", \\\"Attack complexity significantly reduces practical exploitability\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited information about current deployment scope and exploitation status\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt\\\",\\n \\\"http://www.openwall.com/lists/oss-security/2015/11/10/11\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"4\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-15894\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-15894\\\",\\n \\\"title\\\": \\\"CVE-2019-15894 - Espressif ESP-IDF Secure Boot Bypass via Fault Injection\\\",\\n \\\"short_description\\\": \\\"Espressif ESP-IDF versions 2.x through 3.3.1 contain a vulnerability where physical fault injection on the ESP32 CPU can bypass Secure Boot digest verification, allowing attackers to boot unverified code from flash memory.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability undermines the Secure Boot security mechanism in ESP32 devices, potentially allowing attackers to execute arbitrary malicious code during device startup. While Flash Encryption remains intact, the bypass of Secure Boot verification represents a critical compromise of the device's trusted boot chain, particularly concerning for IoT devices deployed in untrusted physical environments.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Secure Boot bypass vulnerability allowing execution of unverified code through physical fault injection attacks on the ESP32 CPU during startup verification process.\\\",\\n \\\"attack_surface\\\": \\\"Physical access to ESP32 hardware during boot sequence; requires direct physical manipulation of the device CPU through fault injection techniques.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires physical access and specialized fault injection equipment to disrupt CPU operations during Secure Boot verification. The attack complexity is low once physical access is obtained, but requires technical expertise in hardware fault injection techniques.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation mentioned in input data\\\", \\\"EPSS score of 0.00053 indicates low exploitation probability\\\", \\\"Vendor security advisory published with technical details\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (given physical access)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"While the vulnerability has high impact potential (complete Secure Boot bypass), the physical access requirement and specialized attack technique significantly reduce immediate risk. The medium CVSS score (6.8) combined with low EPSS score (0.00053) suggests this should be addressed through scheduled security updates rather than emergency patching, unless devices are deployed in high-risk physical environments.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for devices in physically secure environments; 30 days for devices in untrusted physical locations\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality, integrity, and availability impact if successfully exploited\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows complete bypass of Secure Boot verification, enabling execution of arbitrary malicious code during device startup. The Flash Encryption feature remains active, but the trusted boot chain is compromised, potentially allowing persistent malware installation.\\\",\\n \\\"blast_radius\\\": \\\"All ESP32 devices running affected ESP-IDF versions (2.x through 3.3.1) that are physically accessible to attackers. Impact is limited to individual devices rather than network-wide compromise.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to physical access requirement and specialized attack technique. Risk increases significantly for IoT devices deployed in publicly accessible locations or untrusted environments. Organizations with large ESP32 deployments in insecure physical locations should prioritize this vulnerability higher.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\"],\\n \\\"affected_versions\\\": \\\"ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires ESP32 devices with Secure Boot enabled; Flash Encryption may provide partial mitigation but does not prevent the Secure Boot bypass\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices with internet connectivity and physical accessibility represent the highest risk scenario, as successful exploitation could enable network-based attacks from compromised devices.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Physical Fault Injection Attack on Deployed IoT Device\\\",\\n \\\"attacker_goal\\\": \\\"Bypass Secure Boot to install persistent malware on ESP32-based IoT device\\\",\\n \\\"steps_high_level\\\": [\\\"Gain physical access to target ESP32 device\\\", \\\"Apply fault injection technique during device boot sequence to disrupt Secure Boot verification\\\", \\\"Flash malicious code that bypasses verification checks\\\"],\\n \\\"likely_targets\\\": \\\"ESP32-based IoT devices in publicly accessible locations, industrial control systems, smart building devices, or any ESP32 hardware with physical exposure\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain Compromise via Pre-installed Malware\\\",\\n \\\"attacker_goal\\\": \\\"Compromise ESP32 devices during manufacturing or distribution with persistent malicious firmware\\\",\\n \\\"steps_high_level\\\": [\\\"Obtain ESP32 devices during manufacturing or distribution phase\\\", \\\"Use fault injection to bypass Secure Boot on multiple devices\\\", \\\"Install malicious firmware that appears legitimate but contains backdoors\\\"],\\n \\\"likely_targets\\\": \\\"ESP32 devices in supply chain before deployment; organizations purchasing pre-configured ESP32 modules from third-party vendors\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Physical Security Controls\\\",\\n \\\"mitigation_action\\\": [\\\"Update ESP-IDF to patched versions beyond 3.3.1 as specified in vendor security advisory\\\", \\\"Implement physical security controls to prevent unauthorized physical access to ESP32 devices\\\", \\\"Enable both Secure Boot and Flash Encryption features as recommended defense-in-depth configuration\\\"],\\n \\\"workarounds\\\": \\\"Deploy devices in physically secure locations with restricted access; implement tamper detection mechanisms; use epoxy potting or other physical hardening techniques to make fault injection more difficult\\\",\\n \\\"patching_notes\\\": \\\"Contact Espressif for specific patched versions and migration guidance. Ensure Flash Encryption keys are properly managed during updates to prevent device bricking.\\\",\\n \\\"verification_steps\\\": [\\\"Verify ESP-IDF version is updated beyond affected versions (post 3.3.1)\\\", \\\"Confirm Secure Boot and Flash Encryption are both enabled and properly configured\\\", \\\"Test device functionality after updates to ensure no operational impact\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of original firmware and configuration before updating; ensure Flash Encryption keys are securely backed up to prevent permanent device lockout\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected device reboots or boot sequence anomalies that might indicate fault injection attempts\\\",\\n \\\"Implement tamper detection logging for physical access to device enclosures or hardware\\\",\\n \\\"Deploy network monitoring to detect unusual network behavior from ESP32 devices that might indicate compromise\\\",\\n \\\"Use hardware security modules or trusted platform modules to detect boot chain integrity violations\\\",\\n \\\"Monitor for firmware update attempts or configuration changes that bypass normal update procedures\\\",\\n \\\"Implement device attestation mechanisms to verify boot integrity remotely\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00053\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High relevance for supply chain security as devices could be compromised during manufacturing or distribution with persistent malware\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Specific CWE identifier\\\", \\\"Detailed technical description of fault injection method\\\", \\\"Exact fixed versions and patch availability timeline\\\", \\\"Vendor-provided CVSS scoring\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy: 0.0500 in cves_euvd vs 0.00053 in cves_epss - using cves_epss value as more recent (2025-11-23)\\\", \\\"Limited detail on whether Flash Encryption provides complete mitigation or only partial protection\\\"],\\n \\\"assumptions_made\\\": [\\\"Physical access requirement significantly reduces risk for most enterprise environments\\\", \\\"Flash Encryption remains effective despite Secure Boot bypass\\\", \\\"Vendor has released patches for versions beyond 3.3.1\\\"],\\n \\\"confidence\\\": \\\"Medium confidence due to limited technical details and conflicting EPSS scores; recommend consulting vendor advisory for authoritative information\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://www.espressif.com/en/news/Espressif_Security_Advisory_Concerning_Fault_Injection_and_Secure_Boot\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"5\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-12638\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-12638\\\",\\n \\\"title\\\": \\\"Espressif Wi‑Fi Encryption Bypass via Forged Beacon Frames\\\",\\n \\\"short_description\\\": \\\"An encryption-bypass vulnerability in Espressif ESP-IDF (through 4.2), ESP8266_NONOS_SDK (through 3.0.3), and ESP8266_RTOS_SDK (through 3.3) allows an attacker within Wi‑Fi range to broadcast forged beacon frames that force a device to change its authentication mode to OPEN, effectively disabling 802.11 encryption.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows a nearby attacker to disable Wi‑Fi encryption on affected Espressif-based IoT/embedded devices without authentication, exposing all subsequent wireless communications to eavesdropping, tampering, and credential harvesting. It undermines the confidentiality and integrity of Wi‑Fi protected networks and is relevant to any deployment using affected SDKs in environments with physical proximity threats.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"The device insecurely processes forged 802.11 beacon frames, causing an unintended authentication mode downgrade to OPEN, which disables encryption.\\\",\\n \\\"attack_surface\\\": \\\"Wi‑Fi radio interface; requires adjacency (adjacent network vector) and ability to transmit crafted beacon frames.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires an attacker to be within Wi‑Fi range and broadcast forged beacon frames; attack complexity is High per CVSS, suggesting non-trivial setup or timing.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit in-the-wild exploitation or public PoC is indicated in the input data.\\\", \\\"EPSS score is low (0.00040), suggesting limited observed exploitation.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Wi‑Fi)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 6.8 MEDIUM with High attack complexity and no evidence of active exploitation; however, successful exploitation disables encryption and exposes sensitive wireless traffic. Prioritize patching in exposed or high-risk IoT deployments during the next maintenance window.\\\",\\n \\\"recommended_sla\\\": \\\"Apply patches within 90 days; accelerate if devices are internet-exposed or in physically accessible locations.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality and integrity impact (C:H/I:H/A:N) on wireless communications; availability is not directly affected.\\\",\\n \\\"technical_impact_details\\\": \\\"Disables 802.11 encryption, enabling passive eavesdropping, session hijacking, injection, and credential theft for all subsequent Wi‑Fi traffic until the device reconnects or reboots.\\\",\\n \\\"blast_radius\\\": \\\"All devices running affected SDK versions within Wi‑Fi range of an attacker; IoT fleets in shared physical spaces are at elevated risk.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to the physical proximity requirement and high attack complexity, but high impact if exploited. Risk increases in publicly accessible or multi-tenant environments where an attacker can achieve adjacency.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\", \\\"Espressif ESP8266_NONOS_SDK\\\", \\\"Espressif ESP8266_RTOS_SDK\\\"],\\n \\\"affected_versions\\\": \\\"ESP-IDF through 4.2; ESP8266_NONOS_SDK through 3.0.3; ESP8266_RTOS_SDK through 3.3\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Devices must be in a Wi‑Fi station mode and associate with an access point; the vulnerability is triggered by receiving forged beacon frames.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices with internet-facing Wi‑Fi or in physically accessible locations are at higher risk; local network segmentation alone does not prevent adjacent-network attacks.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Public Hotspot Eavesdropping\\\",\\n \\\"attacker_goal\\\": \\\"Disable encryption on nearby IoT devices to capture credentials and sensitive data.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within Wi‑Fi range of a target device using an affected Espressif SDK.\\\", \\\"Attacker crafts and broadcasts forged beacon frames targeting the device.\\\", \\\"Device downgrades authentication to OPEN, disabling encryption; attacker sniffs all subsequent traffic.\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices in cafes, lobbies, or shared workspaces; sensors and smart devices with Wi‑Fi connectivity.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Insider or Physical Access Attack\\\",\\n \\\"attacker_goal\\\": \\\"Bypass encryption on corporate or industrial IoT sensors to exfiltrate data or inject commands.\\\",\\n \\\"steps_high_level\\\": [\\\"Insider or visitor brings a portable transmitter into a facility with deployed Espressif-based sensors.\\\", \\\"Transmitter sends forged beacon frames to force target devices into OPEN mode.\\\", \\\"Attacker intercepts telemetry or injects malicious commands over the unencrypted link.\\\"],\\n \\\"likely_targets\\\": \\\"Building automation, industrial sensors, or smart equipment within physical reach.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Compensating Controls\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade affected Espressif SDKs to versions beyond the affected ranges (ESP-IDF >4.2, ESP8266_NONOS_SDK >3.0.3, ESP8266_RTOS_SDK >3.3) and rebuild/flash device firmware.\\\",\\n \\\"Deploy network segmentation and Wi‑Fi intrusion detection to flag anomalous beacon activity and prevent adjacent-network attacks from reaching critical devices.\\\",\\n \\\"Apply device-hardening measures such as disabling unnecessary Wi‑Fi features, enforcing WPA3-Enterprise where possible, and monitoring for unexpected authentication mode changes.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Verify firmware images and update mechanisms are authentic and integrity-protected before deployment; test patches in a non-production environment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all Espressif-based devices and confirm SDK versions against the affected ranges.\\\",\\n \\\"Use a Wi‑Fi sniffer or test beacon injection in a controlled lab to verify the patch prevents the downgrade.\\\",\\n \\\"Monitor device logs and Wi‑Fi association events for any unexpected OPEN authentication transitions post-patch.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain a pre-patch firmware backup and a rollback procedure; ensure devices can be re-flashed via a secure, authenticated method if issues arise.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor Wi‑Fi association logs for devices unexpectedly switching to OPEN authentication mode.\\\",\\n \\\"Deploy Wi‑Fi IDS/IPS to detect forged beacon frames or anomalous beacon rates near critical IoT segments.\\\",\\n \\\"Correlate EDR/network telemetry for unusual cleartext traffic from devices that normally use encrypted Wi‑Fi.\\\",\\n \\\"Hunt for rogue APs or transmitters in physically secured areas using wireless site surveys and beacon analysis.\\\",\\n \\\"Alert on beacon frames with spoofed BSSIDs or unexpected authentication capability flags targeting known Espressif device OUI ranges.\\\",\\n \\\"Review device logs for authentication mode change events or reconnection spikes coinciding with potential beacon activity.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00040\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects Espressif SDKs used in many third-party IoT products; organizations should verify whether embedded devices incorporate affected SDK versions.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identifiers\\\", \\\"Fixed version numbers\\\", \\\"Vendor advisory or patch links\\\", \\\"CISA KEV status\\\", \\\"Public exploit/PoC references\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS values differ between sources (0.0400 vs 0.00040); using the EPSS source value (0.00040) as authoritative.\\\", \\\"CVSS base score is provided as a string; interpreting as numeric 6.8.\\\"],\\n \\\"assumptions_made\\\": [\\\"Attack complexity High implies non-trivial effort to craft and time beacon frames.\\\", \\\"No evidence of active exploitation is assumed based on EPSS and lack of explicit signals.\\\", \\\"Affected products are inferred from CPEs and description; exact device models are not enumerated.\\\"],\\n \\\"confidence\\\": \\\"Medium confidence due to missing vendor advisories and fixed versions; analysis relies on CVE description and CVSS metrics.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/espressif/ESP8266_NONOS_SDK\\\",\\n \\\"https://github.com/espressif/ESP8266_RTOS_SDK\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"14\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-33453\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-33453\\\",\\n \\\"title\\\": \\\"Espressif ESP-IDF v5.1 externalId Buffer Overflow Information Disclosure\\\",\\n \\\"short_description\\\": \\\"A buffer overflow in the externalId component of Espressif ESP-IDF v5.1 allows an authenticated remote attacker to exfiltrate sensitive information.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables authenticated network attackers to trigger a buffer overflow and read sensitive information from affected ESP-IDF devices. IoT/embedded devices built on ESP-IDF often handle credentials, sensor data, or device identities; information disclosure can facilitate authentication bypass, lateral movement, or privacy violations. The combination of network accessibility, low attack complexity, and high confidentiality impact warrants prompt mitigation in exposed deployments.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"8.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-120\\\"],\\n \\\"weakness_summary\\\": \\\"Classic buffer overflow (CWE-120) in the externalId component leading to information disclosure.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible externalId parameter in ESP-IDF v5.1; likely exposed via device APIs or management interfaces.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"A public proof-of-concept exists on GitHub, indicating reproducible exploitation. No in-the-wild exploitation is reported in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"Public PoC repository available at github.com/Ant1sec-ops/CVE-2024-33453\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"Low privileges\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Public PoC and HIGH CVSS with low complexity and authentication requirements make exploitation likely. Affected IoT/embedded devices may be widely deployed with internet exposure; prioritize verification and patching.\\\",\\n \\\"recommended_sla\\\": \\\"Verify exposure within 48 hours; apply patches or mitigations within 7 days.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality and integrity impact; no availability impact per CVSS.\\\",\\n \\\"technical_impact_details\\\": \\\"Buffer overflow in externalId allows reading beyond bounds, disclosing sensitive memory contents (credentials, keys, configuration). Integrity impact suggests potential for data manipulation or control-flow influence not fully detailed in the input.\\\",\\n \\\"blast_radius\\\": \\\"All ESP-IDF v5.1 deployments with network-accessible externalId interfaces are potentially affected; IoT fleets and embedded edge devices face the highest risk.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High CVSS, public PoC, and IoT/embedded deployment context elevate risk. Information disclosure can lead to credential theft, privacy violations, and lateral movement. If devices are internet-facing or in critical infrastructure, impact is severe.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\"],\\n \\\"affected_versions\\\": \\\"5.1\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires network-accessible externalId interface; exact configuration not specified.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing IoT/embedded devices; internal-only deployments have reduced exposure.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Information Disclosure via externalId\\\",\\n \\\"attacker_goal\\\": \\\"Extract sensitive memory contents (credentials, keys, device identifiers).\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker authenticates with low privileges to the target device.\\\", \\\"Craft a malicious externalId input to trigger buffer overflow.\\\", \\\"Read returned memory contents to exfiltrate sensitive data.\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing IoT devices, embedded sensors, smart infrastructure using ESP-IDF v5.1.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Insider or Compromised Account Abuse\\\",\\n \\\"attacker_goal\\\": \\\"Leverage authenticated access to harvest credentials for lateral movement.\\\",\\n \\\"steps_high_level\\\": [\\\"Insider or compromised low-privilege account accesses the externalId interface.\\\", \\\"Exploit buffer overflow to leak adjacent memory.\\\", \\\"Use disclosed secrets to escalate privileges or pivot to other systems.\\\"],\\n \\\"likely_targets\\\": \\\"Internal network IoT endpoints, building automation, industrial sensors.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch or isolate\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade ESP-IDF to a patched version if available; otherwise isolate affected devices behind strict network access controls.\\\",\\n \\\"Apply input validation and bounds checking to the externalId parameter to prevent overflow.\\\",\\n \\\"Disable or restrict network exposure of the externalId interface to authenticated, necessary users only.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Implement network segmentation, deploy WAF/IPS rules to block oversized or malformed externalId inputs, and enforce least-privilege access.\\\",\\n \\\"patching_notes\\\": \\\"No fixed version is specified in the input; consult Espressif security advisories for updates.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all devices and firmware versions to identify ESP-IDF v5.1 usage.\\\",\\n \\\"Test the public PoC in a non-production environment to confirm exposure.\\\",\\n \\\"Review network logs for anomalous externalId requests or memory dumps.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"If patching causes instability, revert and rely on network isolation and input filtering until a stable fix is available.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor logs for oversized or unusual externalId parameter values in HTTP/API requests.\\\",\\n \\\"Hunt for memory dump artifacts or unexpected data disclosures in device responses.\\\",\\n \\\"Alert on authentication attempts followed by repeated externalId manipulations.\\\",\\n \\\"Use EDR/NDR to detect anomalous outbound data flows from IoT devices.\\\",\\n \\\"Search for exploitation patterns matching the public PoC code.\\\",\\n \\\"Correlate device crashes or restarts with externalId-related activity.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"https://github.com/Ant1sec-ops/CVE-2024-33453\\\",\\n \\\"epss\\\": \\\"0.04770\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"ESP-IDF is foundational for many IoT products; a single vulnerability can affect numerous downstream devices.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed version\\\", \\\"Detailed vendor advisory link\\\", \\\"Exact vulnerable component path\\\", \\\"CISA KEV status\\\", \\\"In-the-wild exploitation evidence\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS shows HIGH integrity impact but description only mentions information disclosure; scope of integrity impact is unclear.\\\"],\\n \\\"assumptions_made\\\": [\\\"externalId is network-accessible via an API or management interface.\\\", \\\"Low-privilege authentication is required per CVSS PR:L.\\\", \\\"IoT/embedded deployment context increases business risk.\\\"],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability and PoC are confirmed, but vendor response and precise impact scope are not fully documented.\\\"\\n },\\n\\n \\\"references\\\": [\\\"https://github.com/Ant1sec-ops/CVE-2024-33453\\\"],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"33\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-4141\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-4141\\\",\\n \\\"title\\\": \\\"hostapd and wpa_supplicant WPS UPnP negative chunk length denial of service\\\",\\n \\\"short_description\\\": \\\"The WPS UPnP function in hostapd (when using WPS AP) and wpa_supplicant (when using WPS external registrar) versions 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables remote attackers to crash Wi‑Fi authentication services (hostapd or wpa_supplicant) by sending a malformed HTTP chunked transfer encoding value. Successful exploitation disrupts Wi‑Fi availability for access points and clients, potentially leading to repeated service outages, user impact, and operational instability. The issue affects a wide range of versions and can be triggered over the network without authentication when WPS UPnP is enabled.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"4.3\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-125\\\", \\\"CWE-122\\\"],\\n \\\"weakness_summary\\\": \\\"Out-of-bounds read or heap-based buffer overflow due to improper validation of negative chunk length in HTTP chunked transfer encoding within WPS UPnP.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible WPS UPnP HTTP service on Wi‑Fi infrastructure (hostapd in AP mode) and clients using WPS external registrar (wpa_supplicant).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Remote, unauthenticated attackers can trigger a DoS crash by sending a crafted negative chunk length in an HTTP chunked transfer encoding to the WPS UPnP service. No authentication or user interaction is required, but WPS UPnP must be enabled.\\\",\\n \\\"evidence_signals\\\": [\\\"Public advisory with technical details provided by w1.fi\\\", \\\"EPSS score indicates low real-world exploitation likelihood\\\", \\\"No evidence of in-the-wild exploitation or public PoC in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS with remote, unauthenticated trigger but requires WPS UPnP to be enabled. No evidence of active exploitation; EPSS is low. Prioritize patching within standard maintenance windows for affected Wi‑Fi infrastructure and clients.\\\",\\n \\\"recommended_sla\\\": \\\"90 days\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Denial of Service (Availability)\\\",\\n \\\"technical_impact_details\\\": \\\"Process crash (hostapd or wpa_supplicant) leading to Wi‑Fi service disruption. Potential heap corruption may enable further exploitation, though input data does not confirm code execution.\\\",\\n \\\"blast_radius\\\": \\\"Affected Wi‑Fi APs and clients with WPS UPnP enabled on the same network segment; exposure limited to LAN unless UPnP is forwarded.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"DoS impact is localized to Wi‑Fi availability and can be recovered by process restart or patch. No evidence of data compromise or lateral movement. Risk is moderate for environments with mission-critical Wi‑Fi dependencies.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"openSUSE 13.1\\\", \\\"openSUSE 13.2\\\"],\\n \\\"affected_versions\\\": \\\"hostapd 0.7.0–2.4; wpa_supplicant 0.7.0–2.4; openSUSE 13.1, 13.2\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"WPS UPnP must be enabled (hostapd with WPS AP mode; wpa_supplicant with WPS external registrar).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low unless UPnP IGD is exposed to the internet; typically LAN-local.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote DoS against Wi‑Fi AP\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt Wi‑Fi service availability for connected clients.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies a hostapd AP with WPS UPnP enabled on the local network.\\\", \\\"Attacker crafts an HTTP request with a negative chunk length targeting the WPS UPnP endpoint.\\\", \\\"hostapd processes the malformed chunk, triggering an out-of-bounds read or heap overflow, causing a crash and Wi‑Fi outage.\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise or public Wi‑Fi access points using hostapd with WPS UPnP enabled.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Client-side DoS via WPS ER\\\",\\n \\\"attacker_goal\\\": \\\"Crash wpa_supplicant on a client device using WPS external registrar.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies a client device running wpa_supplicant with WPS ER enabled.\\\", \\\"Attacker sends a crafted negative chunk length HTTP message to the client's UPnP service.\\\", \\\"wpa_supplicant crashes, disrupting the client's Wi‑Fi connectivity until restart.\\\"],\\n \\\"likely_targets\\\": \\\"Devices acting as WPS external registrars (e.g., printers, IoT devices, laptops).\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch or disable feature\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor patches for hostapd and wpa_supplicant to versions beyond 2.4, or update to a fixed upstream release.\\\",\\n \\\"Disable WPS UPnP functionality in hostapd and wpa_supplicant configurations if not required.\\\",\\n \\\"Segment Wi‑Fi management networks to limit exposure to untrusted clients and block UPnP traffic from general LAN segments.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable WPS UPnP on APs and clients; use network segmentation and ACLs to restrict UPnP traffic.\\\",\\n \\\"patching_notes\\\": \\\"Verify that patched versions address the negative chunk length parsing; test in a non-production environment before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm WPS UPnP is disabled or the service is updated beyond version 2.4.\\\",\\n \\\"Monitor logs for crashes of hostapd or wpa_supplicant and correlate with UPnP activity.\\\",\\n \\\"Use packet captures or IDS to detect malformed HTTP chunked encoding targeting port 80/UPnP.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"If patching causes instability, roll back to the previous version and enforce strict network segmentation plus WPS UPnP disablement as compensating controls.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor process crashes of hostapd and wpa_supplicant via syslog, systemd journal, or EDR telemetry.\\\",\\n \\\"Alert on malformed HTTP requests containing negative Content-Length or chunk-size values in UPnP traffic.\\\",\\n \\\"Hunt for network scans or unsolicited UPnP discovery/messages targeting Wi‑Fi infrastructure IPs.\\\",\\n \\\"Correlate Wi‑Fi outages with UPnP HTTP traffic from untrusted sources using NetFlow or firewall logs.\\\",\\n \\\"Deploy IDS/IPS rules to detect and block HTTP chunked encoding with invalid chunk lengths.\\\",\\n \\\"Audit configurations for WPS UPnP enablement and flag exposed instances for patching or disablement.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01465 (percentile 0.80279)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Embedded in Linux distributions and third-party Wi‑Fi firmware; assess downstream dependencies.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CVSS vector string\\\", \\\"Fixed version information\\\", \\\"Vendor patch links\\\", \\\"CISA KEV status\\\", \\\"Evidence of public exploits\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS base score discrepancy: cves.cvss_score shows 0.0 while cves_euvd.basescore shows 4.3; using 4.3 as authoritative.\\\", \\\"EPSS values differ between sources (1.4600 vs 0.01465); using cves_epss.epss 0.01465 as authoritative.\\\"],\\n \\\"assumptions_made\\\": [\\\"WPS UPnP is typically LAN-local; exposure is limited unless explicitly forwarded.\\\", \\\"DoS is the primary impact; code execution is not confirmed in input data.\\\"],\\n \\\"confidence\\\": \\\"Medium\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\\\",\\n \\\"http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"37\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-4145\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-4145\\\",\\n \\\"title\\\": \\\"EAP-pwd Memory Leak DoS in hostapd and wpa_supplicant\\\",\\n \\\"short_description\\\": \\\"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate whether a fragment is already being processed, allowing remote attackers to cause a denial of service (memory leak) via a crafted message.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables remote, unauthenticated attackers to trigger a memory leak in both client (wpa_supplicant) and server (hostapd) components of WPA/WPA2-Enterprise authentication. The flaw resides in the EAP-pwd (Extensible Authentication Protocol-Password) method, which is used for password-authenticated key exchange in enterprise Wi-Fi networks. A crafted EAP-pwd message can repeatedly allocate memory without freeing it, leading to resource exhaustion, service degradation, or crash. While the impact is limited to availability (DoS), it can disrupt legitimate authentication flows, lock users out of network access, and potentially destabilize infrastructure components in environments relying on EAP-pwd for secure wireless access.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.0\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-401\\\"],\\n \\\"weakness_summary\\\": \\\"Missing validation of fragment processing state in EAP-pwd implementation leads to memory leak (CWE-401: Missing Release of Memory after Effective Lifetime).\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible EAP-pwd authentication endpoints (hostapd acting as authenticator/server; wpa_supplicant acting as supplicant/client) when EAP-pwd method is enabled.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Attackers can trigger the memory leak remotely without authentication by sending crafted EAP-pwd messages. Exploitation requires the target to have EAP-pwd enabled and reachability to the EAP-pwd service.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation or public PoC in input data\\\", \\\"EPSS score indicates low real-world exploitation likelihood\\\", \\\"Vendor advisory published (w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes (adjacent or local network access to EAP-pwd service)\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (crafted message sent to EAP-pwd endpoint)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability with no authentication required but limited to EAP-pwd-enabled environments. No evidence of active exploitation; EPSS percentile (78.3%) suggests low real-world risk. Prioritize patching during regular maintenance windows unless EAP-pwd is widely deployed or mission-critical.\\\",\\n \\\"recommended_sla\\\": \\\"90 days (standard patching cycle) unless EAP-pwd is critical; then 30 days.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability (Denial of Service) via memory leak; no confidentiality or integrity impact.\\\",\\n \\\"technical_impact_details\\\": \\\"Repeated crafted EAP-pwd messages cause unbounded memory allocation without release, leading to service degradation, crashes, or system instability. Impact affects both client (wpa_supplicant) and server (hostapd) components.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems with EAP-pwd enabled. EAP-pwd is less common than EAP-PEAP/EAP-TLS; exposure is niche. Affects hostapd 1.0–2.4 and wpa_supplicant 1.0–2.4.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"DoS impact is moderate and localized to EAP-pwd deployments. No data theft or privilege escalation. Risk is elevated only if EAP-pwd is mission-critical or widely deployed in the environment.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"openSUSE 13.1\\\", \\\"openSUSE 13.2\\\"],\\n \\\"affected_versions\\\": \\\"hostapd 1.0–2.4; wpa_supplicant 1.0–2.4; openSUSE 13.1, 13.2\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"EAP-pwd must be enabled and exposed on network-accessible interfaces (typically Wi-Fi or wired 802.1X with EAP-pwd method).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low unless EAP-pwd services are internet-facing (rare). Most exposure is on internal/enterprise networks.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"EAP-pwd Memory Leak DoS\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt Wi-Fi authentication service or client connectivity via resource exhaustion.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies a target using EAP-pwd (e.g., via network reconnaissance or 802.1X negotiation).\\\", \\\"Attacker crafts and sends repeated EAP-pwd messages with fragments designed to bypass duplicate-processing checks.\\\", \\\"Target (hostapd or wpa_supplicant) allocates memory for each crafted fragment without releasing it, leading to memory exhaustion and DoS.\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise Wi-Fi infrastructure (hostapd on access points/controllers) or clients (wpa_supplicant) configured with EAP-pwd.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch or disable EAP-pwd\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade hostapd and wpa_supplicant to versions beyond 2.4 that include the fix (consult vendor advisories for exact patched versions).\\\",\\n \\\"Disable EAP-pwd authentication method if not required; migrate to more secure and common EAP methods like EAP-TLS or EAP-PEAP.\\\",\\n \\\"Implement network segmentation and access controls to limit EAP-pwd service exposure to untrusted networks.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Verify patched versions address the fragment validation issue. Test in non-production environments to ensure compatibility with existing EAP-pwd deployments.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Check current versions of hostapd and wpa_supplicant on affected systems.\\\",\\n \\\"Confirm EAP-pwd configuration status via wpa_supplicant/hostapd configuration files and runtime logs.\\\",\\n \\\"Monitor memory usage of hostapd/wpa_supplicant processes for abnormal growth after patch deployment.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"If patching causes issues, rollback to previous version and temporarily disable EAP-pwd until a compatible fix is available.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor hostapd and wpa_supplicant process memory usage for sustained growth or spikes indicative of memory leaks.\\\",\\n \\\"Alert on repeated EAP-pwd authentication failures or anomalous EAP-pwd message patterns from single sources.\\\",\\n \\\"Inspect network traffic for crafted EAP-pwd fragments (e.g., repeated fragment IDs or malformed payloads) using IDS/IPS rules.\\\",\\n \\\"Correlate system logs for hostapd/wpa_supplicant crashes or restarts with EAP-pwd events.\\\",\\n \\\"Hunt for unauthorized devices attempting EAP-pwd negotiation on segments where it is not expected.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01205 (1.205%)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Low; affects specific versions of hostapd and wpa_supplicant, but not a systemic supply chain issue.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CVSS vector string\\\", \\\"Fixed versions\\\", \\\"Detailed workarounds\\\", \\\"CISA KEV status\\\", \\\"Public exploit availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS score discrepancy: cves.cvss_score=0.0 vs cves_euvd.basescore=5.0; using 5.0 as authoritative.\\\", \\\"EPSS values differ between sources (1.2000 vs 0.01205); using 0.01205 from cves_epss as it is more recent and detailed.\\\"],\\n \\\"assumptions_made\\\": [\\\"EAP-pwd is not widely deployed in most enterprises; actual risk depends on usage.\\\", \\\"No active exploitation assumed due to lack of evidence in input data.\\\", \\\"Patching is feasible via vendor updates.\\\"],\\n \\\"confidence\\\": \\\"Medium (sufficient data for analysis but missing fixed versions and exploit details)\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\\\",\\n \\\"http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"27\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2014-4883\",\n            \"component_name\": \"lwip\",\n            \"component_version\": \"2.1.3\",\n            \"component_cpe\": \"cpe:2.3:a:lwip_project:lwip:2.1.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/lwip@2.1.3\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2014-4883\\\",\\n \\\"title\\\": \\\"DNS Cache Poisoning in uIP and lwIP Due to Predictable Query Identifiers and Source Ports\\\",\\n \\\"short_description\\\": \\\"The DNS resolvers in uIP (resolv.c) and lwIP 1.4.1 and earlier (dns.c) do not use random values for DNS query ID fields and source ports, enabling man-in-the-middle attackers to perform DNS cache poisoning via spoofed reply packets.\\\",\\n \\\"why_it_matters\\\": \\\"This weakness allows attackers with man-in-the-middle positioning to inject forged DNS responses, redirecting traffic to malicious destinations. It undermines DNS integrity and can enable phishing, credential harvesting, malware distribution, or service disruption. The vulnerability affects embedded and IoT stacks (uIP, lwIP) commonly used in constrained devices, where patching may be difficult or delayed.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"4.3\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"DNS cache poisoning via insufficient transaction ID and source port randomization in DNS queries.\\\",\\n \\\"attack_surface\\\": \\\"DNS resolver library (resolv.c in uIP; dns.c in lwIP). Attackers with MITM capability can spoof DNS replies.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires man-in-the-middle access to observe or predict DNS query characteristics and inject forged responses. No authentication or privileges are needed, but network positioning is necessary.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit in-the-wild exploitation or public PoC reported in input data.\\\", \\\"EPSS score suggests low observed exploitation likelihood.\\\", \\\"Vulnerability class historically associated with practical cache poisoning.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes (MITM or adjacent network access to spoof DNS replies).\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Medium (requires MITM positioning and ability to predict or race DNS query IDs/ports).\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium CVSS and lack of active exploitation signals indicate scheduling within standard maintenance windows is appropriate. Prioritize assets with external DNS exposure or those in untrusted network segments.\\\",\\n \\\"recommended_sla\\\": \\\"90 days (align with quarterly patching cycle; expedite if MITM risk is elevated).\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality and Integrity (DNS spoofing can redirect traffic and leak sensitive information).\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can poison DNS cache entries, causing applications to connect to attacker-controlled IPs. This may lead to credential theft, malware installation, or bypass of security controls.\\\",\\n \\\"blast_radius\\\": \\\"Moderate to high for devices using affected uIP/lwIP versions, especially if DNS is used for critical service resolution. Scope depends on deployment count and network exposure.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Risk is elevated if devices are internet-facing or operate in untrusted networks where MITM is feasible. Embedded/IoT devices may lack timely updates, prolonging exposure.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"lwIP\\\"],\\n \\\"affected_versions\\\": \\\"lwIP 1.4.1 and earlier\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Devices or applications using the built-in DNS resolver in affected uIP/lwIP versions.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Higher risk for internet-facing devices or those in environments with potential MITM (e.g., shared networks, Wi-Fi).\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"DNS Cache Poisoning for Phishing or Malware Delivery\\\",\\n \\\"attacker_goal\\\": \\\"Redirect users to malicious sites to harvest credentials or deliver malware.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions themselves to observe or predict DNS queries from a target device using affected uIP/lwIP.\\\", \\\"Attacker crafts spoofed DNS replies with predictable IDs/ports before legitimate resolver response arrives.\\\", \\\"Target caches the malicious DNS record, redirecting subsequent connections to attacker infrastructure.\\\"],\\n \\\"likely_targets\\\": \\\"Embedded devices, IoT endpoints, or systems using affected DNS resolver in untrusted networks.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Service Disruption via DNS Redirection\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt operations by redirecting critical services to invalid or blocked addresses.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies a critical service relied upon by the target device (e.g., update server, licensing endpoint).\\\", \\\"Attacker poisons the DNS cache entry for that service to point to an invalid IP.\\\", \\\"Target device fails to reach the service, causing functional degradation or denial of service.\\\"],\\n \\\"likely_targets\\\": \\\"Devices requiring remote service access (updates, telemetry, licensing) in environments with MITM risk.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Compensating Controls\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade uIP and lwIP to versions that implement proper DNS query ID and source port randomization (check vendor or community patches).\\\",\\n \\\"Deploy DNSSEC validation on recursive resolvers or endpoints to detect and reject forged DNS responses.\\\",\\n \\\"Segment networks to limit MITM opportunities and use encrypted/authenticated channels (e.g., VPN, TLS) for DNS where feasible.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Configure devices to use trusted, external recursive resolvers with DNSSEC validation instead of the affected built-in resolver.\\\",\\n \\\"patching_notes\\\": \\\"Verify patch availability from uIP/lwIP maintainers or device vendors. Embedded devices may require firmware updates.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm DNS queries from affected devices exhibit randomized IDs and source ports using packet captures.\\\",\\n \\\"Validate that DNSSEC validation is enabled and functioning on upstream resolvers.\\\",\\n \\\"Test that spoofed DNS replies are rejected by the patched resolver or compensating controls.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"If patching causes instability, revert to previous firmware and rely on network-level mitigations (DNSSEC, segmentation) until a stable fix is available.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor DNS traffic for repeated or suspiciously timed replies to the same query, which may indicate poisoning attempts.\\\",\\n \\\"Alert on DNS responses with mismatched transaction IDs or unexpected source ports relative to queries.\\\",\\n \\\"Use endpoint or network logs to detect connections to known malicious IPs that could result from cache poisoning.\\\",\\n \\\"Hunt for devices making DNS queries with non-randomized IDs/ports by analyzing packet captures.\\\",\\n \\\"Correlate DNS response anomalies with MITM indicators (e.g., ARP spoofing, rogue DHCP) in the same network segment.\\\",\\n \\\"Review recursive resolver logs for DNSSEC validation failures that could indicate spoofing activity.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00114\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects uIP and lwIP libraries used in embedded systems and IoT devices; consider supply chain exposure if these are integrated into products.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE IDs\\\", \\\"CVSS vector string\\\", \\\"fixed versions\\\", \\\"vendor advisories with patch links\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS base score discrepancy: cves_euvd reports 4.3 (v2.0), while cves reports 0.0; using 4.3 as authoritative.\\\", \\\"EPSS values differ between sources (0.1100 vs 0.00114); using EPSS source value (0.00114).\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed MITM positioning is required based on vulnerability description.\\\", \\\"Assumed lwIP is the primary affected product due to CPE and references; uIP details are limited.\\\"],\\n \\\"confidence\\\": \\\"Medium (key details like fixed versions and CWE are missing; CVSS conflict noted).\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://git.savannah.gnu.org/cgit/lwip.git/commit/?id=9fb46e120655ac481b2af8f865d5ae56c39b831a\\\",\\n \\\"http://www.kb.cert.org/vuls/id/210620\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"17\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-14871\",\n            \"component_name\": \"newlib\",\n            \"component_version\": \"4.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/newlib@4.1.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-14871\\\",\\n \\\"title\\\": \\\"newlib REENT_CHECK macro missing memory allocation checks in production builds\\\",\\n \\\"short_description\\\": \\\"The REENT_CHECK macro in newlib versions prior to 3.3.0 does not check for memory allocation failures when the DEBUG flag is unset (production builds), leading to potential null pointer dereferences.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects production firmware builds of newlib, a C standard library implementation widely used in embedded systems. The lack of memory allocation checks can cause denial-of-service conditions or system crashes when allocation failures occur, impacting device availability and stability in resource-constrained environments.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"Null pointer dereference due to missing NULL check after memory allocation in production builds\\\",\\n \\\"attack_surface\\\": \\\"Embedded systems and IoT devices using newlib in production firmware; affects reentrancy support structures (REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP macros)\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Requires network access and low privileges; no authentication or user interaction needed; moderate complexity due to need to trigger memory allocation failure\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation found in input data\\\", \\\"EPSS score suggests low exploitation likelihood (0.00465)\\\", \\\"No public PoC references in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"Low privileges\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity with availability impact; affects production firmware but requires specific conditions (memory pressure) to trigger; no active exploitation evidence; EPSS indicates low current risk\\\",\\n \\\"recommended_sla\\\": \\\"90 days for critical systems; 180 days for standard deployments\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact (High) with potential system crashes; no confidentiality or integrity impact\\\",\\n \\\"technical_impact_details\\\": \\\"Null pointer dereference when memory allocation fails in production builds; causes denial-of-service through system instability or crashes\\\",\\n \\\"blast_radius\\\": \\\"Embedded devices and IoT systems using newlib < 3.3.0 in production firmware; particularly impacts resource-constrained devices with limited memory\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to availability impact on embedded systems; limited to devices experiencing memory pressure; no data exfiltration or privilege escalation risk; affects device reliability and uptime\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"newlib\\\"],\\n \\\"affected_versions\\\": \\\"Versions prior to 3.3.0\\\",\\n \\\"fixed_versions\\\": \\\"3.3.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Production firmware builds (DEBUG flag unset); affects REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and related macros\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-connected embedded devices and IoT endpoints; network access is a prerequisite for exploitation\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Memory exhaustion attack on embedded device\\\",\\n \\\"attacker_goal\\\": \\\"Cause device crash or denial-of-service\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target device using newlib < 3.3.0\\\", \\\"Send requests to exhaust device memory allocation\\\", \\\"Trigger null pointer dereference through REENT_CHECK macro failure\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices, embedded systems, network equipment with limited memory resources\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Resource starvation leading to system instability\\\",\\n \\\"attacker_goal\\\": \\\"Degrade device performance and reliability\\\",\\n \\\"steps_high_level\\\": [\\\"Exploit memory allocation patterns in newlib reentrancy structures\\\", \\\"Force repeated allocation failures in production environment\\\", \\\"Cause cascading failures through unchecked null pointer usage\\\"],\\n \\\"likely_targets\\\": \\\"Critical infrastructure embedded systems, medical devices, automotive systems\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and configuration management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade newlib to version 3.3.0 or later to enable proper memory allocation checks in production builds\\\", \\\"Implement memory monitoring and limits on embedded systems to detect and prevent allocation failures\\\", \\\"Apply defense-in-depth controls including watchdog timers and crash recovery mechanisms for critical devices\\\"],\\n \\\"workarounds\\\": \\\"Enable DEBUG mode during testing phases; implement custom memory management wrappers with proper NULL checks; add system-level memory pressure monitoring\\\",\\n \\\"patching_notes\\\": \\\"Requires firmware update; coordinate with device manufacturers for embedded systems; test thoroughly due to library-level changes affecting core functionality\\\",\\n \\\"verification_steps\\\": [\\\"Verify newlib version in firmware using version inspection tools or build metadata\\\", \\\"Test memory allocation failure scenarios in controlled environment after patching\\\", \\\"Monitor system logs for null pointer dereference events and memory allocation errors\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup firmware images; implement A/B partition scheme for firmware updates; ensure recovery mechanisms remain functional\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor system logs for null pointer dereference exceptions and segmentation faults in embedded devices\\\",\\n \\\"Implement memory allocation failure tracking through custom logging in reentrancy structures\\\",\\n \\\"Use crash dump analysis to identify patterns of REENT_CHECK macro-related failures\\\",\\n \\\"Deploy network monitoring to detect anomalous memory consumption patterns targeting embedded devices\\\",\\n \\\"Hunt for repeated device restarts or watchdog timer resets in IoT device fleets\\\",\\n \\\"Correlate memory pressure events with system instability indicators across device populations\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"No public exploit code references found in input data\\\",\\n \\\"epss\\\": \\\"0.00465\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High relevance as newlib is embedded in many vendor firmware builds; affects downstream IoT and embedded device manufacturers\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Specific vendor impact statements\\\", \\\"Detailed affected device models\\\", \\\"CISA KEV status\\\", \\\"Ransomware campaign associations\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS version discrepancy: 3.1 in cves source vs 3.0 in cves_euvd source\\\", \\\"EPSS score conflict: 0.4600 in cves_euvd vs 0.00465 in cves_epss (using cves_epss as authoritative)\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed production firmware builds have DEBUG flag unset as stated\\\", \\\"Inferred embedded/IoT deployment context from newlib's typical usage\\\", \\\"Interpreted memory allocation failure as requiring specific system conditions\\\"],\\n \\\"confidence\\\": \\\"Medium confidence due to limited vendor-specific information and conflicting EPSS scores; core vulnerability details appear well-documented\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"18\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-14872\",\n            \"component_name\": \"newlib\",\n            \"component_version\": \"4.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/newlib@4.1.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-14872\\\",\\n \\\"title\\\": \\\"newlib _dtoa_r NULL Pointer Dereference Vulnerability\\\",\\n \\\"short_description\\\": \\\"The _dtoa_r function in newlib (C standard library for embedded systems) prior to version 3.3.0 fails to check return values of multiple memory allocations, leading to NULL pointer dereference and potential denial of service.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects newlib, a C standard library widely used in embedded systems, IoT devices, and specialized firmware. A NULL pointer dereference can crash the process or trigger unexpected behavior, causing availability impacts in devices with limited supervision or safety-critical roles. While the direct impact is denial of service (no code execution indicated), affected devices may lack automatic restart mechanisms, leading to persistent outages. The vulnerability requires low-privilege network access and low attack complexity, making it accessible to attackers who can reach exposed services using newlib.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"NULL Pointer Dereference due to missing return value checks on memory allocation calls within _dtoa_r.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible services or applications using newlib versions prior to 3.3.0 that invoke _dtoa_r (floating-point conversion).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of in-the-wild exploitation or public proof-of-concept was found in the input data. The vulnerability has low attack complexity and requires only low-privilege network access, but no authentication or user interaction.\\\",\\n \\\"evidence_signals\\\": [\\\"No CISA KEV entry present in input data\\\", \\\"No public exploit references present in input data\\\", \\\"EPSS score 0.00414 (low exploitation probability)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"Low privileges\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 6.5 MEDIUM with Availability impact only (no confidentiality/integrity compromise). No active exploitation signals found. Prioritize patching within standard maintenance windows for embedded/IoT assets using newlib < 3.3.0, especially those internet-exposed or in safety-critical roles.\\\",\\n \\\"recommended_sla\\\": \\\"90 days (align with next scheduled maintenance window for embedded devices; validate compensating controls for internet-exposed assets within 30 days).\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability\\\",\\n \\\"technical_impact_details\\\": \\\"NULL pointer dereference leads to process crash or unexpected behavior, causing denial of service. No evidence of code execution or information disclosure.\\\",\\n \\\"blast_radius\\\": \\\"Moderate: Affects devices and firmware using newlib < 3.3.0. Impact is per-device availability; widespread deployment could lead to multiple device outages if triggered.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Availability impact in embedded/IoT contexts can be significant if devices lack resilience (auto-restart, failover). No code execution reduces immediate security risk, but operational disruption and potential safety implications in critical systems justify medium business risk.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"newlib\\\"],\\n \\\"affected_versions\\\": \\\"Versions prior to 3.3.0\\\",\\n \\\"fixed_versions\\\": \\\"3.3.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires code paths that invoke _dtoa_r (floating-point-to-string conversion). Common in embedded applications performing formatted output or network services handling numeric data.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-exposed embedded devices or services using newlib. Network access is a prerequisite per CVSS vector.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote DoS Against IoT Device\\\",\\n \\\"attacker_goal\\\": \\\"Cause denial of service in an internet-exposed IoT device by triggering NULL pointer dereference.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target device using newlib < 3.3.0 via banner grabbing or fingerprinting.\\\", \\\"Attacker crafts input that triggers floating-point conversion in _dtoa_r (e.g., malformed numeric payload).\\\", \\\"Multiple memory allocations fail silently, leading to NULL dereference and device crash.\\\"],\\n \\\"likely_targets\\\": \\\"Internet-exposed embedded devices, IoT gateways, industrial control systems using newlib.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Internal Network DoS via Malformed Input\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt internal embedded systems by sending crafted network packets to services using newlib.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains low-privilege access to internal network.\\\", \\\"Attacker identifies services on embedded devices that accept numeric input (e.g., configuration interfaces, data ingestion endpoints).\\\", \\\"Attacker sends inputs that exhaust memory or trigger allocation failures in _dtoa_r, causing NULL dereference and service crash.\\\"],\\n \\\"likely_targets\\\": \\\"Internal embedded devices, firmware-based appliances, network equipment using newlib.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade newlib to version 3.3.0 or later on all affected embedded devices and firmware builds.\\\",\\n \\\"Audit internet-exposed and internal embedded assets to identify those using newlib versions prior to 3.3.0.\\\",\\n \\\"Implement input validation and rate limiting on network services to reduce likelihood of triggering the vulnerability.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Embedded device patching may require firmware updates or vendor-provided patches. Coordinate with device manufacturers and plan maintenance windows to minimize operational disruption.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify newlib version on target devices using firmware inventory tools or by checking library version strings.\\\",\\n \\\"Test patched devices under normal load to confirm stability and functionality of floating-point operations.\\\",\\n \\\"Monitor crash logs and availability metrics post-patch to detect any residual issues.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch firmware images for critical devices. Test rollback procedures in non-production environments to ensure rapid recovery if patch introduces instability.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor device logs for unexpected process crashes or watchdog resets in embedded systems using newlib.\\\",\\n \\\"Deploy network IDS rules to detect malformed numeric inputs or repeated allocation patterns targeting services on known embedded platforms.\\\",\\n \\\"Correlate availability alerts with network traffic spikes or suspicious input patterns from external or internal sources.\\\",\\n \\\"Use asset inventory to flag devices with newlib < 3.3.0 and prioritize monitoring for those with internet exposure.\\\",\\n \\\"Hunt for anomalous floating-point conversion errors or memory allocation failures in application logs.\\\",\\n \\\"Implement health checks and automated restart mechanisms for critical embedded services to mitigate DoS impact.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00414\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium: newlib is a common dependency in embedded toolchains and firmware builds; patching may require coordination with multiple vendors and supply chain partners.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges beyond 'prior to 3.3.0'\\\", \\\"Vendor-specific advisories or patch links\\\", \\\"Evidence of active exploitation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS version discrepancy: input shows 3.1 in cves.cvss_vector but 3.0 in cves_euvd.basescoreversion; using 3.1 as authoritative from cves source.\\\", \\\"EPSS scores differ between cves_euvd (0.4100) and cves_epss (0.00414); using cves_epss value as it is explicitly sourced from EPSS.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed embedded/IoT deployment context based on newlib's typical use cases.\\\", \\\"Assumed availability impact is per-device without code execution, based on NULL dereference class.\\\"],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability details are clear, but lack of vendor advisories and exploitation evidence limits confidence in real-world exposure and patching timelines.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"19\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-14873\",\n            \"component_name\": \"newlib\",\n            \"component_version\": \"4.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/newlib@4.1.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-14873\\\",\\n \\\"title\\\": \\\"newlib __multadd null pointer dereference on allocation failure\\\",\\n \\\"short_description\\\": \\\"In newlib versions prior to 3.3.0, the __multadd function (newlib/libc/stdlib/mprec.c) calls Balloc to allocate a big integer but does not check whether allocation succeeded, leading to a null pointer dereference when memory allocation fails.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability can cause denial of service (crash) in any application or embedded system using newlib when memory pressure triggers allocation failure. While impact is limited to availability (no code execution indicated), it affects reliability and can be triggered remotely in exposed services. The affected library is widely used in embedded and IoT environments where availability is often critical and patching cycles are long.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"Null pointer dereference due to missing null check after memory allocation (Balloc). The code assumes allocation always succeeds and dereferences the returned pointer without validation.\\\",\\n \\\"attack_surface\\\": \\\"Applications and embedded systems using newlib for C standard library functions, particularly those handling multi-precision arithmetic. Attack surface includes any network-facing service or local process that can trigger the vulnerable code path under memory pressure.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires low-privileged network access and ability to trigger memory allocation failure in the __multadd code path. No authentication or user interaction is needed, but inducing allocation failure may require sustained resource pressure.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score indicates low exploitation likelihood (0.00401)\\\", \\\"Public research disclosure by Census Labs\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"Low privileges\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability requiring memory pressure to trigger. No evidence of active exploitation. Priority driven by availability impact in embedded/IoT contexts and widespread newlib deployment. Schedule patching in next maintenance cycle with focus on exposed systems.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general systems; 30 days for internet-facing or critical availability systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (application crash/DoS); Confidentiality: None; Integrity: None\\\",\\n \\\"technical_impact_details\\\": \\\"Null pointer dereference causes application crash when Balloc returns NULL under memory pressure. Impact limited to denial of service - no evidence of code execution or information disclosure. Vulnerable code path involves multi-precision arithmetic operations.\\\",\\n \\\"blast_radius\\\": \\\"All systems using newlib versions < 3.3.0, particularly embedded devices, IoT products, and specialized firmware. Network-facing services using newlib are most exposed.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to DoS potential in availability-critical systems. Risk elevated for embedded/IoT deployments with limited patching capabilities and long device lifespans. No data breach or integrity compromise, but service disruption possible under memory pressure conditions.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"newlib\\\"],\\n \\\"affected_versions\\\": \\\"All versions prior to 3.3.0\\\",\\n \\\"fixed_versions\\\": \\\"3.3.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires code path through __multadd function in mprec.c (multi-precision arithmetic). No specific configuration required - vulnerability present in default builds.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing devices and services using newlib. Embedded systems with network exposure are particularly at risk due to difficulty in patching.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Memory pressure DoS attack\\\",\\n \\\"attacker_goal\\\": \\\"Cause application crash through induced memory allocation failure\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target system using newlib < 3.3.0 with network exposure\\\", \\\"Send requests that trigger multi-precision arithmetic operations in __multadd code path\\\", \\\"Induce memory pressure through repeated requests or system resource exhaustion\\\"],\\n \\\"likely_targets\\\": \\\"Embedded devices, IoT products, network equipment firmware using newlib\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Resource exhaustion in constrained devices\\\",\\n \\\"attacker_goal\\\": \\\"Exploit limited memory in embedded systems to trigger allocation failure\\\",\\n \\\"steps_high_level\\\": [\\\"Target memory-constrained embedded device with newlib < 3.3.0\\\", \\\"Craft inputs requiring multi-precision calculations\\\", \\\"Exhaust available memory through repeated operations to trigger Balloc failure\\\"],\\n \\\"likely_targets\\\": \\\"IoT sensors, industrial control systems, embedded Linux devices with limited RAM\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and hardening\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade newlib to version 3.3.0 or later to address the null pointer dereference\\\", \\\"Implement memory management hardening with allocation failure checks in custom code using newlib\\\", \\\"Apply resource limits and memory monitoring to detect/prevent allocation exhaustion conditions\\\"],\\n \\\"workarounds\\\": \\\"Limit memory allocation through system resource constraints where possible. Monitor for repeated crashes in newlib-using applications. Consider restart mechanisms for critical services.\\\",\\n \\\"patching_notes\\\": \\\"For embedded systems: verify compatibility of newlib 3.3.0+ with existing toolchain and application code. Test thoroughly in development environment before deployment. Some systems may require full firmware updates.\\\",\\n \\\"verification_steps\\\": [\\\"Verify newlib version in target systems using package managers or library version inspection\\\", \\\"Test multi-precision arithmetic operations under memory-constrained conditions after patching\\\", \\\"Monitor application logs for null pointer dereference crashes before and after remediation\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous newlib version and associated toolchain components. Document any application behavior changes introduced by newlib upgrade. Plan rollback procedure for critical production systems.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor application crashes with null pointer dereference signals (SIGSEGV) in systems using newlib\\\",\\n \\\"Search logs for repeated failures in multi-precision arithmetic operations or memory allocation errors\\\",\\n \\\"Implement memory pressure monitoring to detect conditions that could trigger Balloc failures\\\",\\n \\\"Hunt for network patterns indicating attempts to exhaust system memory through repeated requests\\\",\\n \\\"Use strace/ltrace to identify calls to __multadd function in suspicious crash dumps\\\",\\n \\\"Monitor embedded device availability metrics for unexplained service interruptions\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of in-the-wild exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Research disclosure by Census Labs with technical details\\\",\\n \\\"epss\\\": \\\"0.00401\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - newlib is embedded in many vendor products and firmware. Vulnerability affects downstream devices and may require vendor-coordinated updates.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges beyond 'prior to 3.3.0'\\\", \\\"Vendor-specific advisories or patch availability information\\\", \\\"Specific product mappings using vulnerable newlib versions\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS version discrepancy: 3.1 in main data vs 3.0 in EUVD source\\\", \\\"EPSS score conflict: 0.4000 in EUVD vs 0.00401 in EPSS source (using 0.00401 as authoritative)\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'Low' privileges required based on CVSS:3.1/PR:L metric\\\", \\\"Inferred embedded/IoT relevance from newlib's typical deployment contexts\\\", \\\"Interpreted memory pressure as achievable through network means for exposed systems\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but product-specific impact assessment limited by lack of vendor advisories and detailed version mappings\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"20\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-14874\",\n            \"component_name\": \"newlib\",\n            \"component_version\": \"4.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/newlib@4.1.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-14874\\\",\\n \\\"title\\\": \\\"newlib libc __i2b null pointer dereference\\\",\\n \\\"short_description\\\": \\\"In the __i2b function of the newlib libc library, all versions prior to 3.3.0, Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an unauthenticated network attacker to cause denial of service by triggering a null pointer dereference when memory allocation fails. While impact is limited to availability (no code execution), newlib is widely used in embedded systems and IoT devices where availability is critical and patching cycles are long.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"NULL Pointer Dereference in memory allocation error path\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible services using newlib's printf/scanf family functions that invoke __i2b\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitable via network requests that trigger memory allocation failure in __i2b function\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation\\\", \\\"EPSS score 0.00401 (low exploitation likelihood)\\\", \\\"Public vulnerability disclosure with technical details\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability requiring network access and low privileges. No evidence of active exploitation. EPSS score indicates low exploitation likelihood. Priority driven by availability impact in embedded/IoT environments.\\\",\\n \\\"recommended_sla\\\": \\\"90 days\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (application crash/DoS), Confidentiality: None, Integrity: None\\\",\\n \\\"technical_impact_details\\\": \\\"Triggering the vulnerability causes a null pointer dereference, resulting in application crash or system reboot depending on platform exception handling\\\",\\n \\\"blast_radius\\\": \\\"All systems running newlib versions < 3.3.0 with network-exposed services using affected functions\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Availability impact in embedded/IoT devices where newlib is commonly used. Risk elevated for critical infrastructure devices with limited patching capabilities. No code execution or data compromise.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"newlib\\\"],\\n \\\"affected_versions\\\": \\\"All versions prior to 3.3.0\\\",\\n \\\"fixed_versions\\\": \\\"3.3.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires network-accessible services that invoke newlib's __i2b function through printf/scanf operations\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - vulnerability requires network access to exploit\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote DoS against embedded device\\\",\\n \\\"attacker_goal\\\": \\\"Cause service disruption or device reboot\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target device using newlib < 3.3.0\\\", \\\"Send network requests that exhaust memory allocation\\\", \\\"Trigger null pointer dereference in __i2b function\\\", \\\"Observe application crash or system reboot\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices, embedded systems, network equipment\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Resource exhaustion attack\\\",\\n \\\"attacker_goal\\\": \\\"Degrade service availability through repeated exploitation\\\",\\n \\\"steps_high_level\\\": [\\\"Craft requests causing memory pressure\\\", \\\"Force repeated Balloc allocation failures\\\", \\\"Exploit null dereference to crash service\\\", \\\"Maintain attack persistence through automated retries\\\"],\\n \\\"likely_targets\\\": \\\"Headless embedded devices with limited memory\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade newlib to version 3.3.0 or later to address the null pointer dereference\\\",\\n \\\"Implement memory limits and monitoring to detect/prevent allocation exhaustion attacks\\\",\\n \\\"Apply network segmentation to restrict access to vulnerable embedded devices\\\"\\n ],\\n \\\"workarounds\\\": \\\"Implement memory pressure monitoring and restart mechanisms for affected services\\\",\\n \\\"patching_notes\\\": \\\"Verify all embedded devices and firmware images for newlib version. Coordinate with hardware vendors for firmware updates.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Check newlib version in target systems using version strings or library inspection\\\",\\n \\\"Test memory allocation failure paths in __i2b function after patching\\\",\\n \\\"Monitor crash logs and system stability post-patch\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous firmware/library versions. Test patch compatibility with existing applications.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated application crashes in systems using newlib\\\",\\n \\\"Detect abnormal memory allocation patterns or exhaustion events\\\",\\n \\\"Alert on network traffic patterns targeting embedded device management interfaces\\\",\\n \\\"Hunt for exploit attempts using fuzzing or memory pressure techniques\\\",\\n \\\"Correlate system reboots with network activity logs\\\",\\n \\\"Implement canary systems to detect exploitation attempts\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation\\\",\\n \\\"public_exploit_references\\\": \\\"Technical details available at census-labs.com\\\",\\n \\\"epss\\\": \\\"0.00401\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - newlib embedded in many IoT/embedded device firmware images\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor advisory link\\\", \\\"Detailed affected version ranges\\\", \\\"Platform-specific impact details\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS version discrepancy: 3.1 in main data vs 3.0 in EUVD\\\", \\\"EPSS score conflict: 0.4000 vs 0.00401 (using 0.00401 as authoritative)\\\"],\\n \\\"assumptions_made\\\": [\\\"Network access required based on CVSS:3.1 AV:N\\\", \\\"Embedded/IoT deployment context inferred from newlib usage patterns\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details clear, but limited vendor documentation and platform-specific impact information\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"21\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-14875\",\n            \"component_name\": \"newlib\",\n            \"component_version\": \"4.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/newlib@4.1.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-14875\\\",\\n \\\"title\\\": \\\"newlib libc __multiply function NULL pointer dereference\\\",\\n \\\"short_description\\\": \\\"A NULL pointer dereference vulnerability exists in the __multiply function of newlib libc versions prior to 3.3.0 due to missing Balloc allocation success check, leading to potential denial of service.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows authenticated attackers to trigger a NULL pointer dereference by causing memory allocation failures, resulting in application crashes and denial of service. While it doesn't enable code execution, it can disrupt embedded systems and IoT devices relying on newlib, particularly in resource-constrained environments where allocation failures are more likely.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"NULL pointer dereference in Balloc memory allocation failure handling within multiprecision arithmetic function\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible applications using newlib with multiprecision arithmetic operations\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Requires authenticated network access and ability to trigger memory allocation failures during big integer operations\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation\\\", \\\"EPSS score indicates low exploitation likelihood\\\", \\\"Technical analysis available from Census Labs\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"Low privileges\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability requiring authenticated access with moderate exploit complexity. No evidence of active exploitation. Priority should be given to embedded/IoT devices with limited memory resources.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for internet-facing systems; 180 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact only - denial of service through application crash\\\",\\n \\\"technical_impact_details\\\": \\\"NULL pointer dereference when Balloc fails to allocate memory for big integer operations, causing segmentation fault and process termination\\\",\\n \\\"blast_radius\\\": \\\"Moderate - affects applications using newlib's multiprecision arithmetic functions, particularly impactful in embedded systems with limited memory\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"DoS vulnerability in widely-used embedded libc library. Higher risk for critical embedded systems and IoT devices where availability is crucial. Lower risk for general-purpose systems with robust memory management.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"newlib\\\"],\\n \\\"affected_versions\\\": \\\"All versions prior to 3.3.0\\\",\\n \\\"fixed_versions\\\": \\\"3.3.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires code paths that invoke __multiply function with multiprecision arithmetic operations\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing embedded devices and IoT endpoints using newlib\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Resource exhaustion DoS attack\\\",\\n \\\"attacker_goal\\\": \\\"Cause application crash through memory allocation failure\\\",\\n \\\"steps_high_level\\\": [\\\"Authenticate to target system with low privileges\\\", \\\"Trigger multiprecision arithmetic operations that exhaust available memory\\\", \\\"Exploit NULL pointer dereference when Balloc fails\\\"],\\n \\\"likely_targets\\\": \\\"Embedded systems, IoT devices, and resource-constrained applications\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Fuzzing-induced crash\\\",\\n \\\"attacker_goal\\\": \\\"Discover and exploit memory allocation edge cases\\\",\\n \\\"steps_high_level\\\": [\\\"Send malformed input to applications using newlib\\\", \\\"Trigger edge cases in big integer multiplication\\\", \\\"Exploit NULL dereference for DoS\\\"],\\n \\\"likely_targets\\\": \\\"Network services and applications with newlib dependencies\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade newlib to version 3.3.0 or later to address the NULL pointer dereference vulnerability.\\\",\\n \\\"Implement memory management hardening by adding allocation failure checks in custom code using Balloc functions.\\\",\\n \\\"Deploy memory limits and monitoring to detect potential memory exhaustion attacks against embedded systems.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Implement system-level memory monitoring and restart mechanisms for critical embedded applications\\\",\\n \\\"patching_notes\\\": \\\"Version 3.3.0 includes proper NULL check after Balloc allocation. Verify all embedded firmware and IoT devices for newlib dependency versions.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Check newlib version in target systems using package management tools or library version inspection.\\\",\\n \\\"Verify that applications handle memory allocation failures gracefully after patching.\\\",\\n \\\"Test multiprecision arithmetic operations under memory-constrained conditions to confirm fix effectiveness.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous newlib version and application binaries. Test rollback procedures in non-production environment first.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for segmentation fault signals (SIGSEGV) in applications using newlib, particularly during arithmetic operations\\\",\\n \\\"Implement EDR rules to detect repeated crash patterns in embedded systems and IoT devices\\\",\\n \\\"Search logs for memory allocation failure messages followed by application termination\\\",\\n \\\"Hunt for network traffic patterns that trigger complex mathematical computations in newlib-dependent services\\\",\\n \\\"Monitor system memory usage spikes preceding application crashes as potential exploitation indicators\\\",\\n \\\"Deploy canary systems with memory constraints to detect attempted exploitation\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation\\\",\\n \\\"public_exploit_references\\\": \\\"Technical analysis available at census-labs.com; no public exploit code identified\\\",\\n \\\"epss\\\": \\\"0.00401\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - newlib is widely used in embedded systems, IoT devices, and cross-compilation toolchains\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor-specific advisory links\\\", \\\"Detailed affected version ranges beyond 'prior to 3.3.0'\\\", \\\"Specific product implementations using vulnerable newlib versions\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS version discrepancy: 3.1 in main data vs 3.0 in EUVD enrichment\\\", \\\"EPSS score conflict: 0.4000 in EUVD vs 0.00401 in EPSS source\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed embedded/IoT systems are primary concern based on newlib's typical deployment\\\", \\\"Inferred memory-constrained environments increase exploit likelihood\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but specific deployment context and exploitation evidence are limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"23\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-14877\",\n            \"component_name\": \"newlib\",\n            \"component_version\": \"4.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/newlib@4.1.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-14877\\\",\\n \\\"title\\\": \\\"newlib __mdiff null pointer dereference\\\",\\n \\\"short_description\\\": \\\"In the __mdiff function of the newlib libc library, all versions prior to 3.3.0, Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an authenticated attacker to cause denial of service by triggering a null pointer dereference when memory allocation fails. While impact is limited to availability, newlib is widely used in embedded systems and IoT devices where availability is critical and patching cycles are often slow.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"Null pointer dereference due to missing null check after memory allocation in Balloc function\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible applications using newlib with big integer operations in __mdiff function\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Requires authenticated network access and ability to trigger memory allocation failure in __mdiff function\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation\\\", \\\"EPSS score indicates low exploitation likelihood\\\", \\\"Academic research disclosure by Census Labs\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"Low privileges\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability requiring authenticated access; no evidence of active exploitation but affects critical embedded systems library\\\",\\n \\\"recommended_sla\\\": \\\"90 days for internet-facing systems; 180 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact only - denial of service through application crash\\\",\\n \\\"technical_impact_details\\\": \\\"Null pointer dereference causes application termination when Balloc fails to allocate memory for big integers in __mdiff function\\\",\\n \\\"blast_radius\\\": \\\"Moderate - affects all newlib versions prior to 3.3.0 used in embedded systems, IoT devices, and specialized firmware\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Availability impact in embedded/IoT contexts where reliability is critical; however, requires specific conditions to trigger and authenticated access reduces immediate risk\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"newlib\\\"],\\n \\\"affected_versions\\\": \\\"All versions prior to 3.3.0\\\",\\n \\\"fixed_versions\\\": \\\"3.3.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires code path that calls __mdiff function with conditions causing memory allocation failure\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High for internet-facing embedded devices and IoT endpoints using vulnerable newlib versions\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"DoS attack on embedded device\\\",\\n \\\"attacker_goal\\\": \\\"Cause service disruption to embedded system or IoT device\\\",\\n \\\"steps_high_level\\\": [\\\"Authenticate to target device with low privileges\\\", \\\"Trigger __mdiff function with input causing memory allocation failure\\\", \\\"Exploit null pointer dereference to crash application\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing embedded systems, IoT devices, industrial control systems using newlib\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Resource exhaustion attack\\\",\\n \\\"attacker_goal\\\": \\\"Force memory allocation failures to trigger vulnerability\\\",\\n \\\"steps_high_level\\\": [\\\"Identify service using newlib with __mdiff exposure\\\", \\\"Exhaust available memory through other means\\\", \\\"Trigger __mdiff function to exploit null pointer dereference\\\"],\\n \\\"likely_targets\\\": \\\"Memory-constrained embedded devices and firmware implementations\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade newlib to version 3.3.0 or later to address the null pointer dereference vulnerability\\\",\\n \\\"Implement memory management hardening to prevent allocation failures in critical code paths\\\",\\n \\\"Apply defense-in-depth controls including memory limits and crash recovery mechanisms for embedded systems\\\"\\n ],\\n \\\"workarounds\\\": \\\"Implement memory allocation wrappers with proper null checks; enable core dump analysis for crash investigation\\\",\\n \\\"patching_notes\\\": \\\"Embedded systems may require firmware updates; coordinate with device manufacturers for patch availability\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify newlib version is 3.3.0 or later using version inspection tools\\\",\\n \\\"Test __mdiff function with memory-constrained conditions to confirm fix\\\",\\n \\\"Review crash logs and core dumps for null pointer dereference patterns\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous firmware/image before updating embedded systems; test in isolated environment first\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for application crashes with null pointer dereference signatures in systems using newlib\\\",\\n \\\"Detect repeated authentication attempts followed by service crashes suggesting exploitation attempts\\\",\\n \\\"Hunt for memory allocation failure patterns in system logs preceding application crashes\\\",\\n \\\"Monitor embedded device availability metrics for unusual service disruption patterns\\\",\\n \\\"Search for core dump files in embedded systems indicating potential null pointer dereference\\\",\\n \\\"Correlate network traffic patterns with service crashes in IoT/embedded devices\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00309\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - newlib is embedded in many IoT devices and firmware; vulnerability affects supply chain of embedded system manufacturers\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor advisory details\\\", \\\"Specific product implementations affected\\\", \\\"Exploit code availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS version conflict: 3.1 in main data vs 3.0 in EUVD enrichment\\\", \\\"EPSS score discrepancy: 0.3100 vs 0.00309\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed embedded/IoT deployment context based on newlib usage patterns\\\", \\\"Inferred authentication requirements from CVSS PR:L metric\\\"],\\n \\\"confidence\\\": \\\"Medium - core vulnerability details clear but exploitation context and affected products lack specificity\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"24\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-14878\",\n            \"component_name\": \"newlib\",\n            \"component_version\": \"4.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/newlib@4.1.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-14878\\\",\\n \\\"title\\\": \\\"newlib __d2b null pointer dereference on allocation failure\\\",\\n \\\"short_description\\\": \\\"In the __d2b function of the newlib libc library (all versions prior to 3.3.0), Balloc is used to allocate a big integer without checking whether allocation succeeded. Accessing _x after a failed allocation triggers a null pointer dereference, leading to denial of service.\\\",\\n \\\"why_it_matters\\\": \\\"newlib is a C standard library implementation widely used in embedded systems, IoT devices, and specialized toolchains. A null pointer dereference in core conversion/math routines can crash processes or entire systems, causing availability impact. While the vulnerability requires an attacker to induce memory pressure or trigger the code path, its presence in a foundational library increases exposure across firmware and embedded deployments.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"NULL Pointer Dereference: missing null check after allocation in __d2b (newlib/libc/stdlib/mprec.c).\\\",\\n \\\"attack_surface\\\": \\\"Library code reachable via floating-point/string conversion or formatted I/O that invokes __d2b; exposure increases if the system allows triggering repeated allocations or memory pressure.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Low\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of in-the-wild exploitation or public PoC; attacker must induce memory allocation failure to trigger the null dereference, which is context-dependent and may be difficult to reliably weaponize.\\\",\\n \\\"evidence_signals\\\": [\\\"No CISA KEV entry\\\", \\\"No vendor reports of active exploitation\\\", \\\"EPSS score 0.00309 (low exploitation likelihood)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network (AV:N)\\\",\\n \\\"authentication_required\\\": \\\"Low privileges (PR:L)\\\",\\n \\\"user_interaction_required\\\": \\\"None (UI:N)\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low (AC:L)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 6.5 with High Availability impact but no confidentiality/integrity loss; exploit requires inducing memory pressure and low-privilege access. EPSS is very low (0.00309). Prioritize patching within standard maintenance windows for systems using newlib < 3.3.0.\\\",\\n \\\"recommended_sla\\\": \\\"90 days (standard patch cycle) unless evidence of exploitation emerges.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (process/system crash via null pointer dereference). Confidentiality: None. Integrity: None.\\\",\\n \\\"technical_impact_details\\\": \\\"Triggering the bug crashes the calling process; in constrained embedded environments without memory protection or recovery, this may cause system instability or require restart.\\\",\\n \\\"blast_radius\\\": \\\"Moderate: affects all products embedding newlib < 3.3.0; actual exposure depends on code reachability and whether attackers can reliably induce allocation failures.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Denial-of-service risk in embedded/IoT contexts; no data theft or code execution. Risk is limited to availability and depends heavily on deployment exposure and ability to trigger the vulnerable path.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"newlib\\\"],\\n \\\"affected_versions\\\": \\\"All versions prior to 3.3.0\\\",\\n \\\"fixed_versions\\\": \\\"3.3.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Dependent on code paths that call __d2b (e.g., floating-point/string conversions); systems under memory pressure or with constrained heaps may be more susceptible.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Relevant if newlib-based services are exposed to untrusted input that can trigger conversion routines or exhaust memory.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Memory exhaustion leading to DoS\\\",\\n \\\"attacker_goal\\\": \\\"Crash the process or device by triggering null pointer dereference.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker sends inputs that invoke floating-point/string conversion in newlib.\\\", \\\"Attacker concurrently induces memory pressure (e.g., many allocations) to cause Balloc to fail.\\\", \\\"__d2b dereferences NULL _x, causing a crash.\\\"],\\n \\\"likely_targets\\\": \\\"Embedded devices, IoT endpoints, or services using newlib with exposed conversion interfaces.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade newlib to version 3.3.0 or later to include the null check fix in __d2b.\\\",\\n \\\"Audit firmware and embedded systems for newlib versions prior to 3.3.0 and prioritize updates in internet-exposed or critical devices.\\\",\\n \\\"Implement memory limits and watchdog mechanisms to mitigate impact if exploitation is attempted.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Verify that the patched version (3.3.0+) is compatible with the toolchain and target platform; regression-test floating-point and conversion functionality.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Check newlib version in build toolchain and linked binaries (e.g., toolchain --version, strings on binaries).\\\",\\n \\\"Confirm that __d2b code path includes null check after Balloc in mprec.c.\\\",\\n \\\"Test conversion routines under memory pressure to ensure stability.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"If patching causes regressions, rollback to previous version and apply memory hardening (e.g., heap limits, restart policies) as temporary mitigation.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for sudden process crashes or watchdog resets in embedded/newlib-based systems, especially after memory pressure events.\\\",\\n \\\"Instrument malloc/Balloc failures and track subsequent null pointer accesses in newlib code paths.\\\",\\n \\\"Hunt for repeated inputs designed to trigger floating-point/string conversions in exposed services.\\\",\\n \\\"Use static analysis on firmware/binaries to detect newlib < 3.3.0 and flag vulnerable versions.\\\",\\n \\\"Deploy memory pressure tests in staging to assess exploitability before production exposure.\\\",\\n \\\"Correlate crash signatures (null deref at __d2b) with network activity logs to identify potential exploitation attempts.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00309\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium: newlib is a common dependency in embedded toolchains; compromise could affect multiple downstream firmware/device vendors.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor advisory link\\\", \\\"Detailed affected version ranges beyond '< 3.3.0'\\\", \\\"PoC or exploitation evidence\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS values differ between sources (0.3100 vs 0.00309); using EPSS source value 0.00309 as authoritative.\\\", \\\"CVSS version differs (3.1 in cves vs 3.0 in cves_euvd); using 3.1 as specified in vector.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'all versions prior to 3.3.0' implies inclusive of 3.2.x and earlier.\\\", \\\"Assumed 'AV:N/AC:L/PR:L' indicates network-accessible, low-complexity, low-privilege attack.\\\"],\\n \\\"confidence\\\": \\\"Medium: core vulnerability details are clear, but exploitability and exposure depend heavily on deployment context and ability to induce memory pressure.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"31\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-0210\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-0210\\\",\\n \\\"title\\\": \\\"wpa_supplicant 2.0-16 certificate subject name validation vulnerability\\\",\\n \\\"short_description\\\": \\\"wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables man-in-the-middle (MITM) attacks by allowing an attacker to present a certificate that the client fails to properly validate against the expected subject name. Successful exploitation can lead to interception or manipulation of Wi-Fi authentication traffic, potentially compromising credential confidentiality and session integrity. The risk is elevated in environments with untrusted networks or rogue access points.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-297\\\"],\\n \\\"weakness_summary\\\": \\\"Improper validation of certificate subject name allows MITM attacks.\\\",\\n \\\"attack_surface\\\": \\\"Wi-Fi authentication handshake; TLS/SSL certificate validation in wpa_supplicant.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires network access and the ability to position as a MITM; no authentication or user interaction is needed, but complexity is high.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data.\\\", \\\"EPSS score suggests low current exploitation likelihood.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium CVSS score with high attack complexity and no active exploitation signals; prioritize patching during regular maintenance windows.\\\",\\n \\\"recommended_sla\\\": \\\"90 days\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality impact is high; integrity and availability are not directly affected.\\\",\\n \\\"technical_impact_details\\\": \\\"Unauthorized information disclosure via MITM; potential credential or session token compromise.\\\",\\n \\\"blast_radius\\\": \\\"Limited to clients running affected wpa_supplicant version in environments with rogue access points or untrusted networks.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate risk due to MITM potential, but high attack complexity and lack of widespread exploitation reduce immediate threat.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi wpa_supplicant\\\"],\\n \\\"affected_versions\\\": \\\"2.0-16\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires wpa_supplicant configured for certificate-based authentication (e.g., EAP-TLS).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Relevant if Wi-Fi clients connect to untrusted or public networks.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Rogue Access Point MITM\\\",\\n \\\"attacker_goal\\\": \\\"Intercept Wi-Fi authentication credentials or session data.\\\",\\n \\\"steps_high_level\\\": [\\\"Set up rogue access point mimicking legitimate network.\\\", \\\"Present malformed certificate with mismatched subject name to client.\\\", \\\"Exploit wpa_supplicant validation flaw to establish MITM position.\\\"],\\n \\\"likely_targets\\\": \\\"Mobile devices or laptops using affected wpa_supplicant in public/untrusted Wi-Fi environments.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade wpa_supplicant to a version that properly validates certificate subject names.\\\",\\n \\\"Enforce strict certificate validation policies in wpa_supplicant configuration (e.g., domain_match, subject_match).\\\",\\n \\\"Segment Wi-Fi networks and implement rogue AP detection to reduce MITM opportunities.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Use wired connections or VPNs for sensitive communications until patching is complete.\\\",\\n \\\"patching_notes\\\": \\\"Verify compatibility with existing Wi-Fi infrastructure before deploying patches.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm wpa_supplicant version is updated beyond 2.0-16.\\\",\\n \\\"Test certificate validation by intentionally presenting invalid subject names.\\\",\\n \\\"Review logs for certificate validation failures or MITM attempts.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of current wpa_supplicant configuration and binaries; test rollback in non-production environment.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor wpa_supplicant logs for certificate validation errors or subject name mismatches.\\\",\\n \\\"Deploy rogue AP detection tools to identify unauthorized access points.\\\",\\n \\\"Use EDR/NDR to flag unexpected network intermediaries during Wi-Fi authentication.\\\",\\n \\\"Hunt for anomalous TLS/SSL handshake patterns in Wi-Fi traffic captures.\\\",\\n \\\"Correlate client connection failures with potential MITM indicators (e.g., repeated certificate warnings).\\\",\\n \\\"Audit Wi-Fi client configurations for weak certificate validation settings.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00301\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Low; affects specific wpa_supplicant version, not a broad supply chain issue.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Vendor advisory links\\\", \\\"Detailed exploit technical details\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: 0.3000 (cves_euvd) vs 0.00301 (cves_epss); using cves_epss as authoritative source.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed CWE-297 (Improper Certificate Validation) based on description; CWE not explicitly provided.\\\"],\\n \\\"confidence\\\": \\\"Medium; core vulnerability details are clear, but missing patch and vendor information limits completeness.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://bugzilla.redhat.com/show_bug.cgi?id=1178263\\\",\\n \\\"https://bugzilla.redhat.com/show_bug.cgi?id=1178921\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"32\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-1863\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-1863\\\",\\n \\\"title\\\": \\\"wpa_supplicant Heap-Based Buffer Overflow in P2P Management Frame Handling\\\",\\n \\\"short_description\\\": \\\"A heap-based buffer overflow exists in wpa_supplicant versions 1.0 through 2.4. Remote attackers can trigger the vulnerability via crafted SSID information within a management frame during P2P entry creation or update, leading to denial of service, memory disclosure, or potential arbitrary code execution.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects the core Wi-Fi supplicant used across Linux distributions and embedded systems, enabling attackers within radio range to potentially crash devices, leak memory, or achieve code execution without authentication. The exposure is significant on devices with Wi-Fi enabled, particularly those in untrusted networks or public-facing environments. Successful exploitation could lead to device compromise, network infiltration, or lateral movement.\\\",\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.8\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-122\\\"],\\n \\\"weakness_summary\\\": \\\"Heap-based buffer overflow triggered by crafted SSID in a management frame during P2P operations.\\\",\\n \\\"attack_surface\\\": \\\"Wireless network interface; requires proximity or ability to inject management frames.\\\"\\n },\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"A public proof-of-concept exists (PacketStorm), indicating exploit code is available. No explicit in-the-wild exploitation is stated in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"Public PoC exploit available on PacketStorm\\\", \\\"EPSS score indicates low current exploitation likelihood\\\", \\\"No CISA KEV listing\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent network (wireless proximity)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (crafted frame injection)\\\"\\n }\\n },\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Public PoC exists, but EPSS suggests low active exploitation. Impact is high (RCE potential), but requires wireless proximity and P2P scenario. Prioritize patching in environments with exposed Wi-Fi or P2P usage.\\\",\\n \\\"recommended_sla\\\": \\\"30-60 days; expedite if Wi-Fi is internet-exposed or in high-risk environments.\\\"\\n },\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality, Integrity, and Availability are all potentially impacted (memory read, code execution, crash).\\\",\\n \\\"technical_impact_details\\\": \\\"Heap overflow allows memory corruption, leading to crash (DoS), information disclosure (memory read), or arbitrary code execution with wpa_supplicant privileges (often root).\\\",\\n \\\"blast_radius\\\": \\\"All devices running affected wpa_supplicant versions with Wi-Fi enabled, particularly those using P2P functionality in untrusted wireless environments.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to RCE potential and broad deployment, but mitigated by the requirement for wireless proximity and P2P-specific trigger. Risk increases in environments with public Wi-Fi or dense device populations.\\\"\\n },\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"wpa_supplicant\\\", \\\"Ubuntu Linux\\\", \\\"Red Hat Enterprise Linux\\\", \\\"Debian Linux\\\", \\\"openSUSE\\\"],\\n \\\"affected_versions\\\": \\\"wpa_supplicant 1.0 through 2.4; various Linux distribution versions as listed.\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires Wi-Fi interface enabled and P2P (Wi-Fi Direct) functionality exposure.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Relevant for systems with Wi-Fi exposed to untrusted networks or public access points.\\\"\\n },\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Proximity-Based Device Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Execute arbitrary code on a vulnerable device within wireless range.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts a malicious management frame with an oversized SSID.\\\", \\\"Attacker injects the frame into the wireless environment targeting a device with P2P enabled.\\\", \\\"The victim's wpa_supplicant processes the frame, triggering the heap overflow during P2P entry creation/update.\\\", \\\"Attacker achieves code execution or causes a denial of service.\\\"],\\n \\\"likely_targets\\\": \\\"Mobile devices, laptops, or IoT devices with Wi-Fi enabled in public spaces.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Network Infiltration via Wi-Fi Client\\\",\\n \\\"attacker_goal\\\": \\\"Compromise a Wi-Fi client to gain initial access to a corporate network.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies a vulnerable device connected to a corporate Wi-Fi network.\\\", \\\"Attacker sends crafted management frames to trigger the overflow.\\\", \\\"Upon successful exploitation, attacker gains code execution on the client device.\\\", \\\"Attacker uses the compromised client for lateral movement within the network.\\\"],\\n \\\"likely_targets\\\": \\\"Corporate laptops or mobile devices using Wi-Fi in areas with potential attacker proximity.\\\"\\n }\\n ],\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided patches for wpa_supplicant to all affected systems, prioritizing internet-facing or high-risk devices.\\\",\\n \\\"Disable Wi-Fi P2P (Wi-Fi Direct) functionality on devices where it is not required to reduce the attack surface.\\\",\\n \\\"Implement network segmentation and monitoring to detect anomalous management frame activity or wpa_supplicant crashes.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disabling P2P functionality can mitigate the risk if patching is not immediately feasible.\\\",\\n \\\"patching_notes\\\": \\\"Check with respective Linux distribution vendors (Ubuntu, Red Hat, Debian, openSUSE) for specific patched package versions.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify wpa_supplicant version on all Linux systems is updated beyond 2.4 or to a patched release.\\\",\\n \\\"Confirm P2P functionality is disabled on systems where it is not needed.\\\",\\n \\\"Monitor logs for wpa_supplicant crashes or unexpected behavior related to Wi-Fi management frames.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Standard package rollback procedures apply; test patches in a non-production environment first.\\\"\\n },\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor system logs for wpa_supplicant process crashes or core dumps.\\\",\\n \\\"Use wireless intrusion detection systems (WIDS) to identify anomalous or malformed management frames.\\\",\\n \\\"Hunt for unexpected network connections or processes spawned by the wpa_supplicant user.\\\",\\n \\\"Analyze Wi-Fi driver logs for unusual frame reception or parsing errors.\\\",\\n \\\"Deploy EDR/IDS rules to detect heap corruption patterns or exploitation attempts against wpa_supplicant.\\\",\\n \\\"Correlate Wi-Fi association events with subsequent system instability or suspicious activity.\\\"\\n ],\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"http://packetstormsecurity.com/files/131598/Android-wpa_supplicant-Heap-Overflow.html\\\",\\n \\\"epss\\\": \\\"0.05376\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High; wpa_supplicant is a critical component in many Linux distributions and embedded systems.\\\"\\n },\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CVSS 3.x vector and score\\\", \\\"Explicit fixed versions\\\", \\\"Vendor patch links\\\", \\\"Detailed technical analysis of the overflow mechanism\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS score discrepancy: CVE source lists 0.0, while EUVD lists 5.8. EUVD score is used as it is more detailed.\\\", \\\"EPSS scores differ between sources; the lower score (0.05376) is used as the primary reference.\\\"],\\n \\\"assumptions_made\\\": [\\\"P2P functionality must be exposed for exploitation, though this is implied by the description.\\\", \\\"Attack requires wireless proximity, typical for management frame injection.\\\"],\\n \\\"confidence\\\": \\\"Medium; core vulnerability details are clear, but some scoring and fix information is incomplete or conflicting.\\\"\\n },\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00000.html\\\",\\n \\\"http://packetstormsecurity.com/files/131598/Android-wpa_supplicant-Heap-Overflow.html\\\"\\n ],\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"34\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-4142\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-4142\\\",\\n \\\"title\\\": \\\"Integer underflow in hostapd and wpa_supplicant WMM Action frame parser leading to DoS\\\",\\n \\\"short_description\\\": \\\"An integer underflow vulnerability exists in the WMM (Wi-Fi Multimedia) Action frame parser in hostapd 0.5.5–2.4 and wpa_supplicant 0.7.0–2.4 when used for AP mode MLME/SME functionality. A remote attacker can send a crafted WMM Action frame to trigger an out-of-bounds read, causing a denial of service (crash).\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects core Wi-Fi infrastructure components (hostapd and wpa_supplicant) widely deployed in access points, wireless routers, and client devices. Successful exploitation causes service disruption, impacting network availability for all connected clients. While the impact is limited to DoS rather than code execution, the attack requires only a crafted frame and can be launched by any network-adjacent device, making it relevant for enterprise wireless environments where availability is critical.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"4.3\\\",\\n \\\"cvss_vector\\\": \\\"AV:A/AC:L/Au:N/C:N/I:N/A:P\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-191\\\"],\\n \\\"weakness_summary\\\": \\\"Integer underflow in WMM Action frame parsing logic leads to out-of-bounds read when processing malformed frames.\\\",\\n \\\"attack_surface\\\": \\\"Wireless network interface in AP mode; exploitable by sending crafted WMM Action frames over the air.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Attack requires adjacent network access and low complexity; no authentication or user interaction needed. Crafted frame triggers parser flaw causing crash.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 2.0 AV:A (Adjacent Network)\\\", \\\"CVSS 2.0 AC:L (Low Attack Complexity)\\\", \\\"CVSS 2.0 Au:N (No Authentication)\\\", \\\"No evidence of in-the-wild exploitation in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent network (wireless proximity)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability requiring adjacent network access. No evidence of active exploitation. Impact limited to availability (crash) without code execution. Prioritize patching during regular maintenance windows for affected APs and wireless infrastructure.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for patching; monitor for exploitation trends\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Denial of Service (Availability impact only)\\\",\\n \\\"technical_impact_details\\\": \\\"Out-of-bounds read causes hostapd/wpa_supplicant crash, disrupting wireless service for connected clients. No evidence of information disclosure or remote code execution.\\\",\\n \\\"blast_radius\\\": \\\"Single AP or device crash; potential service disruption for all clients associated with affected AP. Limited to wireless segment.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"DoS impact on wireless availability is moderate. Attack requires physical/adjacent network proximity, limiting exposure. No data exfiltration or system compromise risk. Business impact depends on criticality of wireless services in environment.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"hostapd\\\", \\\"wpa_supplicant\\\"],\\n \\\"affected_versions\\\": \\\"hostapd 0.5.5–2.4; wpa_supplicant 0.7.0–2.4\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires AP mode MLME/SME functionality enabled\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low; requires adjacent wireless network access, not directly internet-exploitable\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Adjacent attacker triggers AP crash via crafted WMM frame\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt wireless network availability\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker obtains wireless proximity to target AP\\\", \\\"Craft malicious WMM Action frame with underflow-triggering values\\\", \\\"Transmit frame to AP; parser reads out-of-bounds and crashes service\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise wireless access points, embedded devices using affected hostapd versions\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Client-mode DoS via malicious AP beacon\\\",\\n \\\"attacker_goal\\\": \\\"Crash client device wireless stack\\\",\\n \\\"steps_high_level\\\": [\\\"Set up rogue AP broadcasting crafted WMM frames\\\", \\\"Target client connects or scans; frame processed by wpa_supplicant\\\", \\\"Integer underflow triggers crash in client wireless service\\\"],\\n \\\"likely_targets\\\": \\\"Laptops, mobile devices, IoT endpoints running affected wpa_supplicant\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and network segmentation\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor patches for hostapd and wpa_supplicant to versions beyond 2.4 if available.\\\",\\n \\\"Segment wireless networks to limit adjacent access; use strong authentication to reduce unauthorized device proximity.\\\",\\n \\\"Monitor wireless traffic for anomalous WMM frames and implement rate limiting on AP management interfaces.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable WMM if not required; however, this may impact QoS for multimedia traffic.\\\",\\n \\\"patching_notes\\\": \\\"Verify patches with regression testing on non-production APs. Coordinate with change control for infrastructure updates.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm hostapd/wpa_supplicant versions on all wireless infrastructure and clients.\\\",\\n \\\"Test patched systems with benign WMM traffic to ensure QoS functionality remains intact.\\\",\\n \\\"Deploy IDS/IPS rules to detect crafted WMM frames and validate detection post-patch.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch configurations and binaries; plan rollback if QoS degradation occurs.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor hostapd/wpa_supplicant process crashes and restarts via syslog/EDR.\\\",\\n \\\"Hunt for malformed 802.11 WMM Action frames in wireless packet captures (look for underflow-triggering values).\\\",\\n \\\"Deploy WIDS rules to alert on anomalous WMM frame patterns or repeated crash-inducing traffic.\\\",\\n \\\"Correlate wireless disconnect events with nearby rogue APs or suspicious MAC addresses.\\\",\\n \\\"Search for client devices experiencing repeated wpa_supplicant failures after connecting to specific SSIDs.\\\",\\n \\\"Baseline normal WMM traffic patterns and alert on deviations indicative of crafted frames.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.07071\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects widely used open-source Wi-Fi components; embedded in many vendor products\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Vendor patch links\\\", \\\"CISA KEV status\\\", \\\"Public exploit availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS score discrepancy: cves.cvss_score shows 0.0 while cves_euvd.basescore shows 4.3; using 4.3 as authoritative\\\"],\\n \\\"assumptions_made\\\": [\\\"AP mode MLME/SME is the vulnerable configuration; client-only mode may be less exposed\\\", \\\"No RCE is assumed based on DoS-only impact description\\\"],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability details are clear, but missing patch and exploit intelligence limits confidence\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171401.html\\\",\\n \\\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172608.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"36\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-4144\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-4144\\\",\\n \\\"title\\\": \\\"EAP-pwd Length Validation DoS in hostapd and wpa_supplicant\\\",\\n \\\"short_description\\\": \\\"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to crash hostapd (access point daemon) or wpa_supplicant (client daemon) by sending a crafted EAP-pwd message. The lack of length validation creates a straightforward DoS condition that can disrupt Wi-Fi authentication services, affecting both enterprise access points and client devices. While the impact is limited to availability (crash), the attack requires only network adjacency and no authentication, making it exploitable by anyone with network access to the target service.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.0\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-20\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Input Validation - The software fails to validate that input messages contain sufficient data before accessing the Total-Length field, leading to out-of-bounds reads or similar memory safety issues that trigger crashes.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible EAP-pwd protocol handlers in both hostapd (server/supplicant) and wpa_supplicant (client) when EAP-pwd authentication is enabled.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"The vulnerability has moderate exploitability due to network-adjacent access requirement and lack of authentication, but the technical complexity appears low given the straightforward input validation flaw. No evidence of in-the-wild exploitation or public PoC was found in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"No CISA KEV listing present\\\", \\\"No vendor advisory references active exploitation\\\", \\\"EPSS score suggests low real-world exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network-adjacent access to the target service (layer 2 or routed network reachability to the hostapd/wpa_supplicant listening port)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low - single crafted packet likely sufficient\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability affecting Wi-Fi authentication infrastructure. While exploitable without authentication, impact is limited to service availability (crash) rather than code execution or data compromise. No evidence of active exploitation reduces urgency, but patching should be scheduled within standard maintenance windows given the network-accessible nature of affected services.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 30-60 days during scheduled maintenance window\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact (High) - Complete service disruption through daemon crash\\\",\\n \\\"technical_impact_details\\\": \\\"Remote unauthenticated attackers can cause hostapd or wpa_supplicant daemons to crash by sending a crafted EAP-pwd message with insufficient length to contain the Total-Length field. This results in denial of service to Wi-Fi authentication services, potentially disrupting network access for multiple clients or entire access point functionality.\\\",\\n \\\"blast_radius\\\": \\\"Medium - Affects both access points (hostapd) and client devices (wpa_supplicant) using EAP-pwd authentication. Enterprise environments with centralized authentication may experience cascading impact if critical infrastructure components are affected.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to DoS potential against critical Wi-Fi infrastructure, but limited to availability impact without data compromise or privilege escalation. Risk is elevated in environments where EAP-pwd is used for authentication and redundancy is lacking.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"hostapd\\\", \\\"wpa_supplicant\\\"],\\n \\\"affected_versions\\\": \\\"hostapd 1.0 through 2.4; wpa_supplicant 1.0 through 2.4\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"EAP-pwd authentication must be enabled and configured on either server (hostapd) or client (wpa_supplicant) side\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Medium - Services are typically network-adjacent rather than internet-facing, but exposed on local networks where attackers may gain access through various means\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Access Point DoS Attack\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt Wi-Fi authentication services to deny network access\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains network access to target access point running vulnerable hostapd\\\", \\\"Craft EAP-pwd message with insufficient length to trigger validation flaw\\\", \\\"Send crafted packet to hostapd service causing daemon crash\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise access points, public Wi-Fi hotspots, embedded devices using hostapd\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Client Device DoS\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt Wi-Fi connectivity on client devices\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions themselves on same network segment as target client\\\", \\\"Identify client using EAP-pwd authentication via network reconnaissance\\\", \\\"Send crafted EAP-pwd response to client's wpa_supplicant causing crash\\\"],\\n \\\"likely_targets\\\": \\\"Corporate laptops, mobile devices, IoT devices using wpa_supplicant with EAP-pwd\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Management\\\",\\n \\\"mitigation_action\\\": [\\\"Apply vendor patches to upgrade hostapd and wpa_supplicant beyond version 2.4 if available\\\", \\\"Disable EAP-pwd authentication method if not required for operational needs\\\", \\\"Implement network segmentation to limit access to authentication services to authorized clients only\\\"],\\n \\\"workarounds\\\": \\\"Restrict network access to hostapd/wpa_supplicant services through firewall rules or VLAN segmentation to limit exposure to trusted clients only\\\",\\n \\\"patching_notes\\\": \\\"Verify that patched versions properly validate message length before accessing Total-Length field. Test in non-production environment to ensure compatibility with existing authentication infrastructure.\\\",\\n \\\"verification_steps\\\": [\\\"Check current versions of hostapd and wpa_supplicant on all systems\\\", \\\"Verify EAP-pwd configuration status across access points and client devices\\\", \\\"Test authentication functionality after patching to ensure service availability\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous versions and configuration files before patching. Ensure ability to quickly restore service if compatibility issues arise.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor hostapd and wpa_supplicant process crashes using system logs and process monitoring tools\\\",\\n \\\"Alert on unexpected EAP-pwd protocol messages or malformed authentication attempts from network logs\\\",\\n \\\"Implement IDS/IPS rules to detect crafted EAP-pwd packets with abnormal length fields\\\",\\n \\\"Monitor for authentication service outages or client connectivity issues that may indicate exploitation attempts\\\",\\n \\\"Review network traffic for repeated authentication failures or connection attempts to EAP-pwd services\\\",\\n \\\"Correlate timing of service crashes with network events to identify potential attack patterns\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01205 (1.205%)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - hostapd and wpa_supplicant are widely used open-source components in many networking products and embedded systems\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CVSS vector string\\\", \\\"Detailed vendor patch information\\\", \\\"Fixed version numbers\\\", \\\"Vendor advisory links\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS base score discrepancy: cves_euvd shows 5.0 while cves shows 0.0 - using 5.0 as more authoritative\\\", \\\"EPSS score conflict: cves_euvd shows 1.2000 while cves_epss shows 0.01205 - using cves_epss value as more recent\\\"],\\n \\\"assumptions_made\\\": [\\\"EAP-pwd must be enabled for vulnerability to be exploitable\\\", \\\"Network adjacency required as services typically not internet-facing\\\", \\\"Crash leads to service restart but may cause extended outage if automatic recovery not configured\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but missing patch information and conflicting CVSS data reduce confidence in complete assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\\\",\\n \\\"http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"39\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-5314\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-5314\\\",\\n \\\"title\\\": \\\"hostapd 2.x EAP-pwd Fragment Reassembly Buffer Overflow DoS\\\",\\n \\\"short_description\\\": \\\"hostapd 2.x before 2.6 fails to validate the reassembly buffer size for the final fragment in EAP-pwd messages, allowing remote unauthenticated attackers to trigger a denial of service (process termination) via a large final fragment.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects hostapd when EAP-pwd is enabled, either with an internal EAP server or a RADIUS server. An attacker can crash the service by sending a crafted large final fragment, disrupting wireless authentication and network availability. While the impact is limited to availability (no code execution indicated), it can cause significant operational disruption in environments relying on WPA-Enterprise with EAP-pwd.\\\",\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-119\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Restriction of Operations within the Bounds of a Memory Buffer; specifically, missing length validation during fragment reassembly.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible hostapd service with EAP-pwd enabled in runtime configuration.\\\"\\n },\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires sending a crafted EAP-pwd message with a large final fragment to a vulnerable hostapd instance with EAP-pwd enabled. Attack complexity is High due to the need for precise timing/fragment handling, but no authentication or user interaction is required.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data.\\\", \\\"Public disclosure with technical details available (Openwall, w1.fi).\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes (adjacent or network-accessible hostapd).\\\",\\n \\\"authentication_required\\\": \\\"No.\\\",\\n \\\"user_interaction_required\\\": \\\"No.\\\",\\n \\\"privileges_required\\\": \\\"None.\\\",\\n \\\"attack_complexity\\\": \\\"High (CVSS:3.0 AC:H).\\\"\\n }\\n },\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium CVSS score (5.9) with High attack complexity and no evidence of active exploitation. Impact is limited to DoS (process termination) without code execution. Prioritize patching during standard maintenance windows unless EAP-pwd is widely deployed in exposed segments.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 30–60 days; prioritize if EAP-pwd is internet-exposed or in critical infrastructure.\\\"\\n },\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability (High): Process termination leading to service disruption.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation crashes the hostapd process, disrupting WPA-Enterprise authentication for associated clients. No confidentiality or integrity impact indicated.\\\",\\n \\\"blast_radius\\\": \\\"Limited to hosts running vulnerable hostapd with EAP-pwd enabled. Radius may extend to all clients relying on the affected access point for authentication.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate risk due to DoS potential, but mitigated by High attack complexity and lack of active exploitation. Risk increases if EAP-pwd is used in critical or exposed networks.\\\"\\n },\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"hostapd 2.x before 2.6\\\", \\\"Debian Linux 8.0\\\"],\\n \\\"affected_versions\\\": \\\"hostapd 2.x versions before 2.6.\\\",\\n \\\"fixed_versions\\\": \\\"hostapd 2.6 and later.\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires EAP-pwd enabled in runtime configuration (internal EAP server or RADIUS server).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Relevant if hostapd is internet-facing (uncommon but possible in remote AP scenarios). Most deployments are internal/adjacent network.\\\"\\n },\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"DoS Against Enterprise Wi-Fi Authentication\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt wireless authentication service to cause operational impact.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies a network segment with hostapd using EAP-pwd.\\\", \\\"Craft a large final fragment in an EAP-pwd message.\\\", \\\"Send crafted packet to trigger buffer overflow and process crash.\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise access points or RADIUS servers with EAP-pwd enabled.\\\"\\n }\\n ],\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch or Configuration Change\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade hostapd to version 2.6 or later to address the buffer validation flaw.\\\",\\n \\\"Disable EAP-pwd in runtime configuration if not required, using alternative EAP methods (e.g., EAP-TLS, PEAP).\\\",\\n \\\"Implement network segmentation to restrict access to hostapd/RADIUS services to trusted clients only.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable EAP-pwd if not in use; monitor hostapd process health for unexpected terminations.\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with existing RADIUS infrastructure and client supplicants before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm hostapd version is 2.6 or later post-patch.\\\",\\n \\\"Validate EAP-pwd functionality remains operational after upgrade.\\\",\\n \\\"Review logs for any prior crash events related to EAP-pwd.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of configuration and binaries; test rollback procedure in non-production if patching causes issues.\\\"\\n },\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor hostapd process crashes or unexpected terminations via EDR/syslog.\\\",\\n \\\"Alert on anomalous EAP-pwd message sizes or fragment patterns in network traffic.\\\",\\n \\\"Hunt for repeated authentication failures from clients after hostapd restart.\\\",\\n \\\"Correlate RADIUS authentication logs with hostapd availability events.\\\",\\n \\\"Inspect packet captures for oversized EAP-pwd fragments targeting hostapd ports.\\\",\\n \\\"Deploy IDS/IPS rules to detect EAP-pwd fragment manipulation attempts.\\\"\\n ],\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01150 (percentile: 0.77852)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Low; direct hostapd vulnerability, not a supply chain issue.\\\"\\n },\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor advisory link\\\", \\\"Detailed affected version ranges beyond '2.x before 2.6'\\\", \\\"Exploit code availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd reports 1.1500, cves_epss reports 0.01150; using cves_epss as authoritative source.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'process termination' implies DoS without code execution based on description.\\\", \\\"Inferred no active exploitation due to lack of evidence in input.\\\"],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability details are clear, but limited vendor documentation and exploit intelligence.\\\"\\n },\\n \\\"references\\\": [\\n \\\"http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt\\\",\\n \\\"http://www.openwall.com/lists/oss-security/2015/11/10/10\\\"\\n ],\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"40\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-5315\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-5315\\\",\\n \\\"title\\\": \\\"wpa_supplicant EAP-pwd Fragment Reassembly Denial of Service\\\",\\n \\\"short_description\\\": \\\"wpa_supplicant 2.x before 2.6 does not validate the reassembly buffer size for the final fragment in EAP-pwd messages, allowing remote attackers to cause a denial of service (process termination) via a large final fragment when EAP-pwd is enabled.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows a network-adjacent attacker to crash wpa_supplicant, disrupting Wi-Fi authentication and network connectivity for affected devices. While it only causes denial of service, it affects the authentication daemon itself, potentially requiring manual intervention to restore connectivity. The attack requires EAP-pwd to be enabled in the network configuration, limiting exposure to organizations using this specific EAP method.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-119\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Restriction of Operations within the Bounds of a Memory Buffer - Missing bounds check on fragment reassembly buffer\\\",\\n \\\"attack_surface\\\": \\\"Network attack surface when EAP-pwd authentication is enabled in wpa_supplicant configuration\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Attack requires network access, EAP-pwd enabled configuration, and ability to send crafted EAP-pwd fragments. High attack complexity due to need for timing and fragment manipulation.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation found in input data\\\", \\\"EPSS score suggests low exploitation likelihood (1.15%)\\\", \\\"Vulnerability published in 2015 with limited public attention\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network-adjacent access required\\\",\\n \\\"authentication_required\\\": \\\"No authentication required\\\",\\n \\\"user_interaction_required\\\": \\\"No user interaction required\\\",\\n \\\"privileges_required\\\": \\\"No privileges required\\\",\\n \\\"attack_complexity\\\": \\\"High complexity - requires precise fragment crafting and timing\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability with high attack complexity. Requires EAP-pwd configuration to be exploitable. No evidence of active exploitation. Priority should be given to systems with EAP-pwd enabled and those in critical network infrastructure roles.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 90 days for systems with EAP-pwd enabled; 180 days for others\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact only - process termination causing loss of network connectivity\\\",\\n \\\"technical_impact_details\\\": \\\"wpa_supplicant process crashes when processing a specially crafted large final fragment in EAP-pwd message reassembly. This disrupts Wi-Fi authentication and requires process restart to restore connectivity.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems with EAP-pwd enabled in wpa_supplicant configuration. Affects wpa_supplicant 2.x before 2.6 on various platforms including Debian 8.0.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Limited business risk due to: (1) DoS only, no data compromise; (2) Requires specific EAP-pwd configuration; (3) High attack complexity; (4) Affects older versions (pre-2.6); (5) Workaround available via disabling EAP-pwd if not needed\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi wpa_supplicant\\\", \\\"Debian Linux 8.0\\\"],\\n \\\"affected_versions\\\": \\\"wpa_supplicant 2.x versions before 2.6\\\",\\n \\\"fixed_versions\\\": \\\"wpa_supplicant 2.6 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"EAP-pwd must be enabled in wpa_supplicant network configuration profile\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low - requires network adjacency; not directly internet-exploitable unless attacker has network access\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Targeted DoS Against Enterprise Wi-Fi\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt Wi-Fi authentication for specific devices or users\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains network access to the same broadcast domain as target\\\", \\\"Identifies target devices using EAP-pwd authentication\\\", \\\"Crafts malicious EAP-pwd message with oversized final fragment\\\", \\\"Injects crafted packet causing wpa_supplicant crash\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise devices configured with EAP-pwd authentication, particularly those in sensitive roles or requiring continuous connectivity\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Opportunistic Network Disruption\\\",\\n \\\"attacker_goal\\\": \\\"Cause widespread authentication failures in EAP-pwd enabled environments\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker scans network for EAP-pwd enabled access points\\\", \\\"Broadcasts malicious EAP-pwd fragments to multiple targets\\\", \\\"Exploits lack of buffer validation in fragment reassembly\\\", \\\"Causes multiple wpa_supplicant instances to crash simultaneously\\\"],\\n \\\"likely_targets\\\": \\\"Organizations using EAP-pwd for wireless authentication across multiple devices\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch or Configuration Change\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade wpa_supplicant to version 2.6 or later to address the buffer validation issue.\\\",\\n \\\"Disable EAP-pwd in network configuration profiles if this authentication method is not required for operational needs.\\\",\\n \\\"Implement network segmentation to limit potential attackers' access to the broadcast domains containing EAP-pwd enabled devices.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable EAP-pwd authentication method in wpa_supplicant configuration if not actively used\\\",\\n \\\"patching_notes\\\": \\\"Fixed in wpa_supplicant 2.6. Verify that EAP-pwd functionality is properly restored after patching if this authentication method is required.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify wpa_supplicant version is 2.6 or later using 'wpa_supplicant -v' command.\\\",\\n \\\"Review network configuration files to confirm EAP-pwd status and usage requirements.\\\",\\n \\\"Test EAP-pwd authentication functionality after patching to ensure proper operation.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of current wpa_supplicant configuration and binaries before upgrading. Test new version in non-production environment first.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor wpa_supplicant process crashes and restarts using system logs and process monitoring tools\\\",\\n \\\"Alert on unusual EAP-pwd message patterns or fragment sizes in network traffic analysis\\\",\\n \\\"Search authentication logs for EAP-pwd authentication failures followed by service disruptions\\\",\\n \\\"Hunt for network packets with malformed EAP-pwd fragments using packet capture analysis\\\",\\n \\\"Monitor for repeated authentication attempts or connection drops from single sources\\\",\\n \\\"Implement IDS/IPS rules to detect oversized EAP-pwd fragments or suspicious EAP-pwd message patterns\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"1.15% (0.01150) - Low exploitation probability\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects wpa_supplicant component used in various Linux distributions and embedded systems\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor patch information\\\", \\\"Complete list of affected operating systems and distributions\\\", \\\"Specific exploit code availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (1.15% vs 1.1500)\\\", \\\"Limited information on real-world exploitation potential\\\"],\\n \\\"assumptions_made\\\": [\\\"EAP-pwd usage is relatively uncommon in typical enterprise environments\\\", \\\"Process crash requires manual or automatic restart for service restoration\\\"],\\n \\\"confidence\\\": \\\"Medium confidence - Core vulnerability details are clear but limited information on current exploitation status and comprehensive affected product list\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt\\\",\\n \\\"http://www.openwall.com/lists/oss-security/2015/11/10/10\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"42\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-8041\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-8041\\\",\\n \\\"title\\\": \\\"Multiple Integer Overflows in hostapd and wpa_supplicant NDEF Parser\\\",\\n \\\"short_description\\\": \\\"Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in a WPS or P2P NFC NDEF record, which triggers an out-of-bounds read.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables remote attackers to crash critical Wi‑Fi infrastructure daemons (hostapd, wpa_supplicant) via crafted NFC NDEF records, leading to persistent DoS on access points or clients. The affected components are foundational to secure Wi‑Fi operations; a crash can disrupt network availability, interrupt WPS/P2P provisioning, and potentially expose devices to secondary attacks during service restoration. While the primary impact is DoS, out-of-bounds reads may leak adjacent memory under certain conditions, though this is not explicitly confirmed in the input data.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.0\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-190\\\", \\\"CWE-125\\\"],\\n \\\"weakness_summary\\\": \\\"Integer overflow in NDEF record parser leading to out-of-bounds read and denial of service.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible NFC NDEF record processing in WPS and P2P contexts.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Remote attackers can trigger DoS via crafted NFC NDEF records with large payload length fields. No authentication or user interaction is required, but NFC proximity or relayed NFC traffic is typically needed.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of in-the-wild exploitation or public PoC in input data.\\\", \\\"EPSS score 0.01495 (percentile 0.80501) suggests low observed exploitation as of 2025-11-23.\\\", \\\"CVSS 2.0 base score 5.0 reflects medium exploitability with network access.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes (NFC NDEF records typically require NFC proximity or relayed NFC traffic).\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (crafting large payload length fields is straightforward).\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability in critical Wi‑Fi daemons with no evidence of active exploitation. Patching should be scheduled within standard maintenance windows unless NFC attack surface is externally exposed or mission-critical.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 30–60 days; prioritize if NFC is internet-accessible or in high-availability environments.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Denial of Service (process crash or infinite loop) with potential for limited information disclosure via out-of-bounds read.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation crashes hostapd or wpa_supplicant, disrupting Wi‑Fi connectivity, WPS provisioning, and P2P NFC setup. Infinite loop can render services unresponsive until restart.\\\",\\n \\\"blast_radius\\\": \\\"Affects hostapd (AP mode) and wpa_supplicant (client mode) versions before 2.5. Impact is localized to devices processing malicious NFC NDEF records, but can propagate to dependent services.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"DoS impact is significant for Wi‑Fi-dependent operations, but NFC attack vector is constrained by proximity and compensating controls (restart mechanisms, network segmentation). Low observed exploitation reduces immediate threat.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"openSUSE 13.1\\\", \\\"openSUSE 13.2\\\"],\\n \\\"affected_versions\\\": \\\"hostapd before 2.5; wpa_supplicant before 2.5; openSUSE 13.1 and 13.2 (packaging affected versions).\\\",\\n \\\"fixed_versions\\\": \\\"hostapd 2.5 and later; wpa_supplicant 2.5 and later.\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires NFC support enabled and WPS/P2P NDEF record processing. Not applicable if NFC is disabled or unsupported.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low unless NFC traffic is relayed over networks; typically requires physical or close proximity NFC interaction.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"NFC-Triggered Access Point DoS\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt Wi‑Fi access point availability by crashing hostapd.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts NFC NDEF record with large payload length field.\\\", \\\"Attacker places NFC tag near target AP or relays NFC traffic.\\\", \\\"AP processes malicious NDEF record, triggering integer overflow and out-of-bounds read.\\\", \\\"hostapd crashes or enters infinite loop, disrupting Wi‑Fi services.\\\"],\\n \\\"likely_targets\\\": \\\"Public Wi‑Fi hotspots, enterprise APs with NFC provisioning enabled.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Client-Side wpa_supplicant Crash via NFC\\\",\\n \\\"attacker_goal\\\": \\\"Disable Wi‑Fi connectivity on client devices (e.g., smartphones, IoT devices).\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker creates malicious NFC tag with oversized payload length in WPS/P2P NDEF.\\\", \\\"Victim device scans the NFC tag during P2P or WPS setup.\\\", \\\"wpa_supplicant parses the record, triggering integer overflow.\\\", \\\"Client Wi‑Fi stack crashes, requiring reboot or service restart.\\\"],\\n \\\"likely_targets\\\": \\\"Mobile devices, IoT endpoints with NFC-enabled Wi‑Fi setup.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade hostapd and wpa_supplicant to version 2.5 or later to address integer overflows.\\\",\\n \\\"Disable NFC-based WPS and P2P provisioning if not required, or restrict NFC interactions to trusted sources.\\\",\\n \\\"Implement watchdog or auto-restart mechanisms for hostapd/wpa_supplicant to reduce DoS impact.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable NFC NDEF record processing for WPS/P2P if feasible; enforce physical access controls for NFC readers.\\\",\\n \\\"patching_notes\\\": \\\"Verify compatibility of version 2.5+ with existing hardware drivers and Wi‑Fi stacks before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm installed versions of hostapd and wpa_supplicant are 2.5 or later using package managers or binary checks.\\\",\\n \\\"Test NFC WPS/P2P functionality post-patch to ensure legitimate use cases remain operational.\\\",\\n \\\"Monitor logs for repeated crashes or NDEF parsing errors indicating attempted exploitation.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of configuration files and previous package versions; test rollback procedures in non-production environments.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor hostapd and wpa_supplicant process crashes or restart patterns via system logs (e.g., journalctl, syslog).\\\",\\n \\\"Alert on NFC NDEF records with abnormally large payload length fields using IDS/IPS rules or custom parsers.\\\",\\n \\\"Hunt for repeated NFC scan attempts or unexpected NFC traffic from untrusted sources in network captures.\\\",\\n \\\"Correlate Wi‑Fi service disruptions with NFC events on affected devices to identify potential exploitation.\\\",\\n \\\"Search for out-of-bounds read signatures in crash dumps or memory dumps of hostapd/wpa_supplicant.\\\",\\n \\\"Deploy EDR/NDR sensors to detect anomalous NFC interactions or Wi‑Fi daemon behavior deviations.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01495 (percentile 0.80501) as of 2025-11-23\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects open-source Wi‑Fi components widely used in Linux distributions and embedded systems.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed CVSS 2.0 vector string\\\", \\\"Explicit vendor patch links\\\", \\\"CISA KEV status\\\", \\\"Public PoC references\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS score discrepancy: cves.cvss_score=0.0 vs cves_euvd.basescore=5.0; using 5.0 as authoritative.\\\", \\\"EPSS values differ between sources (1.5000 vs 0.01495); using 0.01495 from cves_epss as latest.\\\"],\\n \\\"assumptions_made\\\": [\\\"NFC proximity is required for typical exploitation, limiting remote attack surface.\\\", \\\"DoS is primary impact; information disclosure potential is not confirmed in input.\\\"],\\n \\\"confidence\\\": \\\"Medium (core vulnerability details are clear, but missing exploit evidence and vector string reduce precision).\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-updates/2015-11/msg00037.html\\\",\\n \\\"http://lists.opensuse.org/opensuse-updates/2015-11/msg00041.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"29\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-22284\",\n            \"component_name\": \"lwip\",\n            \"component_version\": \"2.1.3\",\n            \"component_cpe\": \"cpe:2.3:a:lwip_project:lwip:2.1.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/lwip@2.1.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-22284\\\",\\n \\\"title\\\": \\\"lwIP Buffer Overflow in zepif_linkoutput()\\\",\\n \\\"short_description\\\": \\\"A buffer overflow vulnerability exists in the zepif_linkoutput() function of the Free Software Foundation lwIP library (git head and version 2.1.2). Attackers can exploit this by sending a crafted 6LoWPAN packet to access sensitive information.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to trigger a buffer overflow via network packets, potentially leading to information disclosure. Given lwIP's widespread use in embedded systems and IoT devices, successful exploitation could expose sensitive data from vulnerable devices, particularly those utilizing 6LoWPAN for low-power wireless networks.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-120\\\"],\\n \\\"weakness_summary\\\": \\\"Classic buffer overflow in network packet processing function zepif_linkoutput(), triggered by malformed 6LoWPAN packets leading to out-of-bounds memory access.\\\",\\n \\\"attack_surface\\\": \\\"Network-facing 6LoWPAN interface in lwIP stack implementations; primarily affects IoT/embedded devices using 6LoWPAN compression for IPv6 over low-power wireless networks.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of in-the-wild exploitation or public PoC was found in the input data. However, the vulnerability has low attack complexity, requires no authentication or user interaction, and operates over network-accessible interfaces, making it moderately exploitable.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS:3.1 base score 7.5 (High)\\\", \\\"EPSS score 0.00314 (0.53991 percentile)\\\", \\\"No CISA KEV listing\\\", \\\"No public exploit references in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with network-accessible attack vector and no authentication requirements. While no active exploitation is documented, the buffer overflow nature and information disclosure impact warrant urgent verification of affected IoT/embedded devices, particularly those with internet-facing 6LoWPAN interfaces.\\\",\\n \\\"recommended_sla\\\": \\\"Initial assessment within 24 hours; remediation within 7-14 days depending on exposure and device criticality\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: High (information disclosure); Integrity: None; Availability: None\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows attackers to read sensitive information from memory beyond the intended buffer boundaries in the zepif_linkoutput() function. This could expose network state, device configurations, or potentially authentication credentials depending on memory layout and what data resides adjacent to the overflowed buffer.\\\",\\n \\\"blast_radius\\\": \\\"Medium to High - Limited to devices running vulnerable lwIP versions with 6LoWPAN enabled, but potentially widespread across IoT/embedded ecosystems where lwIP is commonly deployed. Impact scales with number of exposed devices and sensitivity of data in memory.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to information disclosure potential in embedded/IoT devices, which often handle sensitive operational data. Risk increases significantly if vulnerable devices are internet-facing or process regulated data (PII, PHI). The lack of active exploitation reports reduces immediate urgency, but the vulnerability's nature and exposure vector justify proactive remediation.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Free Software Foundation lwIP\\\"],\\n \\\"affected_versions\\\": \\\"git head version, version 2.1.2\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires lwIP stack with 6LoWPAN support enabled; typically affects embedded systems and IoT devices implementing IPv6 over low-power wireless networks (IEEE 802.15.4, LoRa, etc.).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - 6LoWPAN interfaces may be exposed to network attacks if devices are internet-accessible or compromised through adjacent network segments. IoT devices frequently have limited security controls and may be deployed in untrusted environments.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Information Disclosure via Malicious 6LoWPAN Packet\\\",\\n \\\"attacker_goal\\\": \\\"Extract sensitive information from vulnerable IoT device memory\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts malicious 6LoWPAN packet with oversized payload targeting zepif_linkoutput() function\\\", \\\"Packet sent to vulnerable device over network (local or remote depending on exposure)\\\", \\\"Buffer overflow triggers memory read beyond bounds, exposing adjacent sensitive data\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing IoT devices, industrial control systems, smart building sensors, medical devices using lwIP with 6LoWPAN\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain Attack on Embedded Device Firmware\\\",\\n \\\"attacker_goal\\\": \\\"Compromise downstream products incorporating vulnerable lwIP library\\\",\\n \\\"steps_high_level\\\": [\\\"Identify products using vulnerable lwIP versions through firmware analysis or vendor disclosures\\\", \\\"Exploit buffer overflow to extract firmware secrets, cryptographic keys, or device credentials\\\", \\\"Use extracted information to develop broader attacks against device ecosystem\\\"],\\n \\\"likely_targets\\\": \\\"Consumer IoT products, industrial equipment, automotive systems, and other embedded devices incorporating lwIP stack\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Network Segmentation\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade lwIP to patched version (check upstream repository for fixes beyond 2.1.2 and git head)\\\",\\n \\\"Implement network segmentation to isolate 6LoWPAN devices from untrusted networks and internet exposure\\\",\\n \\\"Deploy intrusion detection/prevention systems to monitor for anomalous 6LoWPAN packet patterns and buffer overflow attempts\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable 6LoWPAN support if not required; implement input validation and packet size limits at network perimeter; use memory protection mechanisms (ASLR, DEP) where supported by platform\\\",\\n \\\"patching_notes\\\": \\\"Verify patch availability from lwIP upstream repository; coordinate with device vendors for firmware updates if using commercial products incorporating lwIP. Test patches in isolated environment before production deployment due to potential impact on 6LoWPAN functionality.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all devices and firmware versions using lwIP library, particularly those with 6LoWPAN enabled\\\",\\n \\\"Test patched versions in lab environment to verify 6LoWPAN functionality remains intact\\\",\\n \\\"Deploy network monitoring to detect exploitation attempts and validate mitigation effectiveness\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous firmware/configuration before patching; ensure rollback procedures account for potential service disruption to 6LoWPAN-dependent devices\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor network traffic for malformed 6LoWPAN packets with unusual payload sizes or structure\\\",\\n \\\"Deploy endpoint detection on embedded devices for memory corruption indicators (segmentation faults, abnormal process termination)\\\",\\n \\\"Search logs for repeated connection attempts to 6LoWPAN ports from external sources\\\",\\n \\\"Hunt for anomalous memory read patterns in lwIP process address space using embedded system debug capabilities\\\",\\n \\\"Correlate network IDS alerts with device behavior anomalies to identify potential exploitation attempts\\\",\\n \\\"Monitor for unexpected information disclosure through network packet captures and device telemetry\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00314 (percentile: 0.53991)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - lwIP is widely used embedded TCP/IP stack; vulnerability affects core library that may be incorporated into numerous downstream products without explicit vendor notification\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed version information\\\", \\\"Vendor patch availability\\\", \\\"Detailed technical analysis of overflow mechanism\\\", \\\"Platform-specific impact details\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd shows 0.3100 while cves_epss shows 0.00314 - using cves_epss value as more recent (2025-11-23)\\\", \\\"Limited information on exploitability conditions and memory layout requirements\\\"],\\n \\\"assumptions_made\\\": [\\\"6LoWPAN interface exposure increases attack surface significantly\\\", \\\"Information disclosure could expose sensitive operational data\\\", \\\"Embedded devices may lack memory protection features increasing exploitability\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are documented but technical specifics about exploitation mechanics and fixed versions are limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://savannah.nongnu.org/bugs/index.php?58554\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"54\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-14526\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-14526\\\",\\n \\\"title\\\": \\\"wpa_supplicant 2.0–2.6 EAPOL-Key Integrity Check Vulnerability\\\",\\n \\\"short_description\\\": \\\"An integrity check flaw in wpa_supplicant's EAPOL-Key message handling allows an attacker within radio range to abuse a decryption oracle and recover sensitive information.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables an attacker to decrypt wireless traffic without cracking the Wi‑Fi password by exploiting a logical flaw in the supplicant's message validation. It affects a core Wi‑Fi client component widely deployed across Linux systems and IoT devices, potentially exposing credentials, session tokens, and other sensitive data transmitted over the network.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Integrity check bypass in EAPOL-Key message processing leading to a decryption oracle.\\\",\\n \\\"attack_surface\\\": \\\"Wi‑Fi client attack surface; requires attacker within radio range (adjacent network).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires proximity to the target Wi‑Fi client and AP, but no authentication or user interaction. Attack complexity is low once in range.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit in-the-wild exploitation or public PoC reported in input data.\\\", \\\"EPSS score suggests low current exploitation likelihood.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 6.5 MEDIUM with adjacent-network access required; no evidence of active exploitation. Prioritize patching in environments with high-density Wi‑Fi clients or exposed mobile/IoT devices.\\\",\\n \\\"recommended_sla\\\": \\\"90 days\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact (information disclosure); no integrity or availability impact.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can decrypt wireless frames and recover sensitive data (e.g., passwords, session cookies) without obtaining the Wi‑Fi passphrase.\\\",\\n \\\"blast_radius\\\": \\\"All wpa_supplicant 2.0–2.6 clients within radio range of an attacker; Ubuntu 14.04/16.04/18.04 LTS and Debian 8 explicitly listed.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to proximity requirement and lack of active exploitation signals. Risk increases in environments with dense Wi‑Fi deployments, guest networks, or unsegmented wireless access.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"wpa_supplicant\\\", \\\"Ubuntu Linux 14.04 LTS\\\", \\\"Ubuntu Linux 16.04 LTS\\\", \\\"Ubuntu Linux 18.04 LTS\\\", \\\"Debian Linux 8.0\\\"],\\n \\\"affected_versions\\\": \\\"wpa_supplicant 2.0 through 2.6\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires wpa_supplicant acting as a Wi‑Fi client; not applicable to AP mode.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Indirect: attackers within radio range can exploit regardless of internet connectivity.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Wireless Eavesdropping via Decryption Oracle\\\",\\n \\\"attacker_goal\\\": \\\"Decrypt sensitive data from nearby Wi‑Fi clients without knowledge of the Wi‑Fi password.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within radio range of target client and AP.\\\", \\\"Attacker injects manipulated EAPOL-Key messages to trigger the decryption oracle.\\\", \\\"Attacker analyzes responses to recover plaintext or session keys.\\\"],\\n \\\"likely_targets\\\": \\\"Corporate laptops on guest Wi‑Fi, IoT devices in open areas, public hotspots.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Credential Harvesting from Unpatched Clients\\\",\\n \\\"attacker_goal\\\": \\\"Capture credentials or session tokens transmitted over Wi‑Fi by exploiting the oracle.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker sets up monitoring near high-traffic Wi‑Fi zones.\\\", \\\"Attacker exploits the oracle to decrypt HTTP/HTTPS traffic or application data.\\\", \\\"Attacker extracts authentication cookies or passwords from decrypted sessions.\\\"],\\n \\\"likely_targets\\\": \\\"Legacy Linux devices, embedded systems, and unpatched Ubuntu/Debian workstations.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Update wpa_supplicant to a patched version (post-2.6) on all affected Linux clients and IoT devices.\\\",\\n \\\"Segment wireless networks to limit exposure and enforce network access controls for sensitive resources.\\\",\\n \\\"Deploy monitoring for anomalous EAPOL-Key message patterns or unexpected decryption attempts on Wi‑Fi segments.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Verify patching via package manager (apt/dpkg) on Ubuntu/Debian; ensure IoT devices receive firmware updates.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Check wpa_supplicant version on Linux clients using 'wpa_supplicant -v' or package queries.\\\",\\n \\\"Confirm updated packages are installed and the service has been restarted.\\\",\\n \\\"Test Wi‑Fi connectivity post-patch to ensure no service disruption.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch package backups; test rollback in non-production if compatibility issues arise.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual EAPOL-Key message rates or malformed frames on wireless sensors or AP logs.\\\",\\n \\\"Alert on clients repeatedly failing WPA authentication or exhibiting key negotiation anomalies.\\\",\\n \\\"Hunt for decrypted plaintext in network captures where only encrypted traffic is expected.\\\",\\n \\\"Correlate Wi‑Fi deauthentication events with subsequent decryption oracle abuse patterns.\\\",\\n \\\"Use endpoint logs to identify wpa_supplicant crashes or unexpected state changes on Linux clients.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01138\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects core Wi‑Fi supplicant used across Linux distributions and embedded systems.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE IDs\\\", \\\"Fixed versions\\\", \\\"Workarounds\\\", \\\"Explicit vendor advisory links\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: EUVD reports 0.7700 while EPSS source reports 0.01138; using EPSS source value.\\\"],\\n \\\"assumptions_made\\\": [\\\"Ubuntu/Debian versions listed are representative; other distributions may be affected.\\\", \\\"Attack requires radio proximity; no remote exploitation assumed.\\\"],\\n \\\"confidence\\\": \\\"Medium\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html\\\",\\n \\\"http://www.securitytracker.com/id/1041438\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"52\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-13087\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-13087\\\",\\n \\\"title\\\": \\\"WPA/WPA2 Group Temporal Key (GTK) Reinstallation in WNM Sleep Mode Response\\\",\\n \\\"short_description\\\": \\\"Wi-Fi Protected Access (WPA and WPA2) implementations supporting 802.11v allow reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, enabling an attacker within radio range to replay frames from access points to clients.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability permits frame replay attacks against WPA/WPA2 clients, potentially leading to packet decryption or injection. While it does not expose the full Wi-Fi passphrase, it undermines group confidentiality and integrity for multicast/broadcast traffic. The attack requires proximity (adjacent network access) and specific timing, but affects a wide range of operating systems and Wi-Fi stacks, including hostapd and wpa_supplicant. It is part of the broader KRACK (Key Reinstallation Attack) family and necessitates patching across client and infrastructure devices to fully mitigate.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-323: Reusing a Nonce, Key Pair in Encryption\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability stems from improper handling of the WNM Sleep Mode Response frame, which triggers reinstallation of an already-in-use Group Temporal Key (GTK). This nonce reuse weakens cryptographic guarantees for group traffic, enabling replay and potential decryption of multicast/broadcast frames.\\\",\\n \\\"attack_surface\\\": \\\"Wireless network interfaces supporting 802.11v WNM Sleep Mode; impacts both clients (wpa_supplicant) and access points (hostapd).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"Public proof-of-concept tools for KRACK attacks exist and can trigger GTK reinstallation via crafted WNM Sleep Mode Response frames. Exploitation requires the attacker to be within radio range and able to intercept/modify 802.11v frames. No authentication is needed, but attack complexity is high due to timing and radio environment dependencies.\\\",\\n \\\"evidence_signals\\\": [\\\"Public KRACK research and demonstrations\\\", \\\"Multiple vendor advisories acknowledging the issue\\\", \\\"CVSS:3.0 metrics indicating adjacent network access and high attack complexity\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High (timing-dependent; requires radio proximity and frame manipulation)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 5.3 MEDIUM reflects adjacent-network access and high attack complexity, limiting widespread exploitation. However, the vulnerability affects core Wi-Fi security and has public PoCs. Prioritize patching during standard maintenance windows, focusing on internet-facing or high-sensitivity environments first. Coordinate with network and endpoint teams to cover both infrastructure (APs) and clients.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general assets; 30 days for high-sensitivity or internet-exposed wireless segments\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity impact (High); Confidentiality and Availability (None per CVSS). Attackers can replay or potentially decrypt group-addressed frames, compromising data integrity for multicast/broadcast traffic.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows replay of frames from access points to clients, undermining group key security. While unicast traffic remains protected by the Pairwise Transient Key (PTK), multicast/broadcast traffic (e.g., ARP, DHCP, IPv6 Neighbor Discovery) becomes vulnerable to replay or selective decryption if additional cryptographic weaknesses are present.\\\",\\n \\\"blast_radius\\\": \\\"All WPA/WPA2 clients and access points supporting 802.11v within radio range of an attacker. Enterprise environments with dense Wi-Fi deployments or public-facing wireless networks face higher exposure.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to the need for physical proximity and high attack complexity, reducing likelihood of mass exploitation. However, targeted attacks against high-value environments (e.g., R&D labs, executive networks) could lead to data leakage or network manipulation. Compliance implications may arise if wireless security controls are mandated (e.g., PCI-DSS for retail).\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Canonical Ubuntu Linux\\\", \\\"Debian Linux\\\", \\\"FreeBSD\\\", \\\"Red Hat Enterprise Linux\\\", \\\"SUSE Linux Enterprise\\\", \\\"OpenSUSE Leap\\\"],\\n \\\"affected_versions\\\": \\\"Multiple versions of hostapd and wpa_supplicant up to and including 2.6; various OS distributions (see CPE list).\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires 802.11v WNM Sleep Mode support to be enabled/available. Many implementations enable this by default for power-saving features.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High for organizations with guest Wi-Fi or public-facing access points; moderate for internal networks due to physical proximity requirement.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Group Traffic Replay in Enterprise Network\\\",\\n \\\"attacker_goal\\\": \\\"Replay multicast/broadcast frames to manipulate network protocols or exfiltrate data from group-addressed traffic.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within radio range of target WLAN and captures WNM Sleep Mode frames.\\\", \\\"Attacker crafts and transmits a malicious WNM Sleep Mode Response to trigger GTK reinstallation on a client.\\\", \\\"Once GTK is reinstalled, attacker replays previously captured multicast/broadcast frames (e.g., ARP, DHCP) to disrupt or manipulate client behavior.\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise Wi-Fi networks with 802.11v-enabled clients; high-density environments like conference rooms or lobbies.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Guest Wi-Fi Eavesdropping\\\",\\n \\\"attacker_goal\\\": \\\"Decrypt or replay group traffic on publicly accessible Wi-Fi to harvest credentials or sensitive information.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker sets up rogue AP or uses monitor mode to observe WNM Sleep Mode exchanges on guest WLAN.\\\", \\\"Attacker injects malicious WNM Sleep Mode Response frames to force GTK reinstallation on connected clients.\\\", \\\"Attacker captures and replays multicast traffic (e.g., mDNS, SSDP) to identify devices or extract information from unencrypted upper-layer protocols.\\\"],\\n \\\"likely_targets\\\": \\\"Public-facing or guest Wi-Fi networks in cafes, airports, or corporate lobbies.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided patches for hostapd, wpa_supplicant, and operating system Wi-Fi drivers to prevent GTK reinstallation during WNM Sleep Mode processing.\\\",\\n \\\"Disable 802.11v WNM Sleep Mode on access points and clients if not required, to remove the attack vector (note: may impact power-saving features).\\\",\\n \\\"Implement network segmentation and monitoring to detect rogue APs or anomalous 802.11v frame activity, reducing the window for successful exploitation.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disabling 802.11v WNM Sleep Mode on both APs and clients can mitigate the vulnerability, but may affect power-saving functionality. Use WPA3 where possible, as it provides improved cryptographic protections against key reinstallation attacks.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching across all Wi-Fi infrastructure (APs, controllers) and client devices (laptops, mobile devices, IoT). Prioritize internet-facing or high-risk segments first. Test patches in non-production environments to ensure compatibility.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify patch installation by checking hostapd/wpa_supplicant versions and confirming 802.11v behavior in test environments.\\\",\\n \\\"Use wireless packet analyzers to monitor for anomalous WNM Sleep Mode Response frames or GTK reinstallation events.\\\",\\n \\\"Conduct post-patch validation by attempting to trigger the vulnerability in a controlled lab setting to confirm mitigation.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"If patching causes connectivity or performance issues, rollback to previous versions may be necessary. Ensure backup configurations are available and test rollback procedures in advance. Consider temporary workarounds (e.g., disabling 802.11v) during rollback.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated WNM Sleep Mode Response frames from the same source MAC within a short time window, indicating potential GTK reinstallation attempts.\\\",\\n \\\"Alert on unexpected GTK updates or rekey events in Wi-Fi infrastructure logs (e.g., AP syslogs, RADIUS accounting).\\\",\\n \\\"Use wireless IDS/IPS to detect injection of crafted 802.11v frames or anomalous sleep mode behavior from clients.\\\",\\n \\\"Hunt for rogue APs broadcasting 802.11v capabilities in proximity to corporate networks, which could be used to stage attacks.\\\",\\n \\\"Correlate EDR/NDR telemetry for clients experiencing repeated disconnections or authentication failures after connecting to Wi-Fi, as this may indicate exploitation attempts.\\\",\\n \\\"Analyze packet captures for replayed multicast/broadcast frames (e.g., duplicate ARP replies, DHCP offers) that could result from successful GTK reuse.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Public KRACK research and PoC tools are available, but no explicit in-the-wild exploitation is documented in the input data.\\\",\\n \\\"epss\\\": \\\"0.00222\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High; affects multiple OS distributions and Wi-Fi stacks (hostapd, wpa_supplicant) used across enterprise and consumer devices.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions for affected products\\\", \\\"Explicit vendor patch links\\\", \\\"CISA KEV status\\\", \\\"Detailed exploit code references\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd reports 0.2200, while cves_epss reports 0.00222. Using cves_epss value as it is sourced directly from EPSS with a specific date.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'Public PoC' exploit status based on KRACK research being publicly available, though no explicit PoC link is provided in input.\\\", \\\"Assumed 802.11v is commonly enabled by default in modern Wi-Fi implementations.\\\"],\\n \\\"confidence\\\": \\\"Medium-High: Core vulnerability details and affected products are well-documented, but missing patch information and conflicting EPSS scores reduce confidence in prioritization metrics.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\\\",\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"69\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-8036\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-8036\\\",\\n \\\"title\\\": \\\"ARM mbed TLS (PolarSSL) Heap-Based Buffer Overflow in Session Ticket Extension\\\",\\n \\\"short_description\\\": \\\"Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name in the session ticket extension when creating a ClientHello message to resume a session.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects mbed TLS clients across multiple distributions and can lead to client-side crashes or potential remote code execution when connecting to a malicious SSL server. The issue is triggered during session resumption, a common TLS optimization, making it relevant for any client application using affected mbed TLS versions. The heap overflow nature increases the risk of code execution, though the attack requires the client to connect to a malicious server.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"6.8\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-122\\\"],\\n \\\"weakness_summary\\\": \\\"Heap-based buffer overflow in session ticket extension handling when processing long session ticket names during ClientHello message creation for session resumption.\\\",\\n \\\"attack_surface\\\": \\\"Client-side TLS session resumption mechanism; exploitable when client connects to malicious SSL server offering long session ticket names.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires a malicious SSL server to provide a long session ticket name to a vulnerable client during session resumption. The client must actively connect to the attacker-controlled server.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit in-the-wild exploitation mentioned in input data\\\", \\\"EPSS score suggests low current exploitation likelihood\\\", \\\"Vendor advisories and distribution updates indicate awareness\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - client must connect to malicious server\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"Indirect - user or application must initiate TLS connection\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Medium - requires malicious server setup and client connection\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity heap overflow with potential RCE, but requires client connection to malicious server. No evidence of active exploitation. EPSS score (0.00915) indicates low current threat. Priority is patching during regular maintenance cycles for affected clients.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for internet-facing clients; 180 days for internal-only systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: Medium, Integrity: Medium, Availability: Medium\\\",\\n \\\"technical_impact_details\\\": \\\"Heap-based buffer overflow can lead to denial of service (client crash) or potential arbitrary code execution on the client system. The impact is client-side, affecting applications using mbed TLS for SSL/TLS connections.\\\",\\n \\\"blast_radius\\\": \\\"Moderate - affects all clients using vulnerable mbed TLS versions connecting to potentially malicious servers. Distribution packages (Debian 7/8, Fedora 21, openSUSE 13.2) increase exposure.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Medium business risk due to potential RCE on client systems, but mitigated by requirement for client to connect to malicious server. Risk increases for applications that automatically connect to external SSL services or have limited server trust validation.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\", \\\"PolarSSL\\\", \\\"Debian Linux\\\", \\\"Fedora\\\", \\\"openSUSE\\\"],\\n \\\"affected_versions\\\": \\\"mbed TLS 1.3.x before 1.3.14, mbed TLS 2.x before 2.1.2\\\",\\n \\\"fixed_versions\\\": \\\"mbed TLS 1.3.14, mbed TLS 2.1.2\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires client applications using mbed TLS with session ticket extension enabled (default behavior).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High for clients connecting to external SSL servers; medium for internal-only clients.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Malicious SSL Server Session Ticket Attack\\\",\\n \\\"attacker_goal\\\": \\\"Compromise client system through heap overflow during TLS session resumption\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker sets up malicious SSL server with long session ticket names\\\", \\\"Vulnerable client application connects to malicious server\\\", \\\"Server provides long session ticket during handshake\\\", \\\"Client's mbed TLS library overflows heap buffer when creating ClientHello for session resumption\\\", \\\"Attacker achieves DoS or potential RCE depending on heap manipulation success\\\"],\\n \\\"likely_targets\\\": \\\"Client applications using mbed TLS for SSL/TLS connections, particularly those connecting to untrusted or multiple external servers\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade mbed TLS to version 1.3.14 or 2.1.2 for all affected client applications and systems.\\\", \\\"Review and update distribution packages (Debian, Fedora, openSUSE) to patched versions through standard update channels.\\\", \\\"Implement network controls to restrict client connections to trusted SSL servers only, reducing exposure to malicious servers.\\\"],\\n \\\"workarounds\\\": \\\"Disable session ticket extension in mbed TLS client configuration if supported and acceptable for operational requirements (may impact performance).\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with application teams using mbed TLS library. Test session resumption functionality post-patch to ensure compatibility.\\\",\\n \\\"verification_steps\\\": [\\\"Verify mbed TLS library version is 1.3.14+ or 2.1.2+ using library version APIs or package managers.\\\", \\\"Test TLS session resumption functionality with legitimate servers to confirm patch compatibility.\\\", \\\"Review application logs for any TLS connection failures or anomalies post-patch.\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain previous library versions and application binaries for rollback if patch causes compatibility issues with specific servers or applications.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for client application crashes with heap corruption signatures in mbed TLS context\\\",\\n \\\"Alert on TLS connections to newly observed or untrusted SSL servers from mbed TLS clients\\\",\\n \\\"Hunt for abnormal heap allocation patterns in mbed TLS client processes\\\",\\n \\\"Search network logs for TLS session resumption attempts followed by connection failures\\\",\\n \\\"Monitor for outbound connections to suspicious or newly registered domains on affected clients\\\",\\n \\\"Review EDR/process monitoring for unexpected child processes spawned from mbed TLS applications\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00915\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects TLS library used by multiple applications and distributions; potential supply chain impact for embedded systems and IoT devices using mbed TLS\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed CVSS vector string\\\", \\\"Explicit vendor advisory links\\\", \\\"CISA KEV status\\\", \\\"Public exploit availability confirmation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS score discrepancy: CVE source shows 0.0 while EUVD shows 6.8 - using EUVD score as more detailed\\\", \\\"EPSS scores differ between sources (0.9200 vs 0.00915) - using EPSS source value of 0.00915\\\", \\\"Limited information on specific affected applications beyond library versions\\\"],\\n \\\"assumptions_made\\\": [\\\"Session ticket extension is enabled by default in affected versions\\\", \\\"Client applications must actively connect to malicious servers for exploitation\\\", \\\"Heap overflow could lead to RCE under favorable memory layout conditions\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited information on current exploitation status and specific affected applications reduces confidence in business impact assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html\\\",\\n \\\"http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"45\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-13078\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-13078\\\",\\n \\\"title\\\": \\\"WPA2 Four-Way Handshake Group Temporal Key (GTK) Reinstallation Vulnerability\\\",\\n \\\"short_description\\\": \\\"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables an attacker within radio range to replay frames from access points to clients by reinstalling the Group Temporal Key (GTK) during the four-way handshake. It undermines the cryptographic integrity of WPA2, potentially allowing decryption of multicast/broadcast traffic and injection of malicious packets, impacting confidentiality and integrity of wireless communications.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-323: Reusing a Nonce, Key Pair in Encryption\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability involves reusing or reinstalling a cryptographic key (GTK) during the WPA2 four-way handshake, violating the security guarantee that keys should be used only once. This allows replay attacks and potential decryption of group-addressed frames.\\\",\\n \\\"attack_surface\\\": \\\"Wireless networks using WPA or WPA2; requires attacker within radio range to capture and replay handshake messages.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires an attacker to be within radio range, capture the four-way handshake, and replay messages to force GTK reinstallation. Attack complexity is high due to timing and radio range constraints, but public proof-of-concept tools (e.g., KRACK attacks) demonstrate feasibility.\\\",\\n \\\"evidence_signals\\\": [\\\"Public proof-of-concept tools (KRACK) available\\\", \\\"CVSS:3.0 metrics indicate adjacent network access and high attack complexity\\\", \\\"No explicit evidence of active in-the-wild exploitation in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (wireless radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High (timing-dependent, requires radio proximity and packet manipulation)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 5.3 MEDIUM severity with high attack complexity and adjacent network access requirement. Public PoC exists but no confirmed in-the-wild exploitation. Prioritize patching during regular maintenance windows for wireless infrastructure and client devices.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 30-60 days; prioritize internet-facing or high-sensitivity wireless networks sooner.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity impact is High (I:H), with potential for confidentiality compromise of multicast/broadcast traffic. No availability impact.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows decryption of group-addressed frames (multicast/broadcast) and injection of malicious packets. Does not directly compromise unicast traffic or long-term credentials, but weakens overall WPA2 security posture.\\\",\\n \\\"blast_radius\\\": \\\"All WPA/WPA2 wireless networks and connected clients within radio range of an attacker. Scope includes enterprise Wi-Fi, guest networks, and IoT devices.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to widespread WPA2 deployment and potential for traffic decryption/injection. Limited by high attack complexity and radio range constraints. Risk increases in environments with sensitive multicast traffic or unpatched legacy devices.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Ubuntu Linux\\\", \\\"Debian Linux\\\", \\\"FreeBSD\\\", \\\"openSUSE Leap\\\", \\\"Red Hat Enterprise Linux\\\", \\\"SUSE Linux Enterprise\\\"],\\n \\\"affected_versions\\\": \\\"Multiple versions of hostapd and wpa_supplicant up to 2.6; various Linux/Unix OS distributions (see CPE list).\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires WPA or WPA2 wireless networks; affects both access points (hostapd) and clients (wpa_supplicant).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing wireless networks or guest Wi-Fi, but attacker must be within radio range regardless of internet connectivity.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Multicast Traffic Decryption\\\",\\n \\\"attacker_goal\\\": \\\"Decrypt sensitive multicast/broadcast traffic (e.g., video streams, discovery protocols) by reinstalling GTK.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within radio range of target WPA2 network\\\", \\\"Captures four-way handshake messages between AP and client\\\", \\\"Replays handshake messages to force GTK reinstallation\\\", \\\"Uses reinstalled GTK to decrypt previously captured group-addressed frames\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise wireless networks with sensitive multicast applications (e.g., video conferencing, IPTV, industrial control systems).\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Malicious Packet Injection\\\",\\n \\\"attacker_goal\\\": \\\"Inject malicious packets (e.g., ARP spoofing, DNS poisoning) into multicast/broadcast streams.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker forces GTK reinstallation via replayed handshake\\\", \\\"Crafts malicious multicast/broadcast packets encrypted with reinstalled GTK\\\", \\\"Injects packets to disrupt network services or redirect traffic\\\", \\\"Potentially combines with other attacks (e.g., ARP spoofing) for lateral movement\\\"],\\n \\\"likely_targets\\\": \\\"Guest Wi-Fi networks, IoT devices, or environments with weak network segmentation.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided patches for hostapd, wpa_supplicant, and operating systems to prevent GTK reinstallation during the four-way handshake.\\\",\\n \\\"Implement WPA3 where supported to leverage improved cryptographic protocols and forward secrecy.\\\",\\n \\\"Segment wireless networks and restrict multicast/broadcast traffic to limit blast radius of potential attacks.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with change control; test patches in non-production environments first. Prioritize internet-facing or high-risk wireless networks.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify installed versions of hostapd and wpa_supplicant against patched versions from vendor advisories.\\\",\\n \\\"Test wireless connectivity and performance after patching to ensure no service disruption.\\\",\\n \\\"Monitor wireless logs for anomalous handshake patterns or replay attempts.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of wireless controller configurations and firmware; prepare rollback plan if patching causes connectivity issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor wireless logs for repeated four-way handshake attempts or anomalous message patterns indicative of replay attacks.\\\",\\n \\\"Deploy IDS/IPS rules to detect KRACK attack signatures or GTK reinstallation attempts.\\\",\\n \\\"Use WPA2-Enterprise with 802.1X authentication to reduce attack surface compared to WPA2-Personal.\\\",\\n \\\"Segment wireless networks and monitor for unauthorized multicast/broadcast traffic injection.\\\",\\n \\\"Conduct periodic wireless penetration testing to identify vulnerable clients or access points.\\\",\\n \\\"Monitor for unexpected client disconnections or handshake failures that may indicate attack attempts.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Public proof-of-concept tools (KRACK attacks) referenced in vulnerability class and exploit summary.\\\",\\n \\\"epss\\\": \\\"0.00831\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High relevance due to widespread use of wpa_supplicant and hostapd in embedded systems, IoT devices, and operating systems.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Detailed workarounds\\\", \\\"CISA KEV status\\\", \\\"Vendor advisory links\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd reports 0.8100 while cves_epss reports 0.00831; using cves_epss as authoritative source.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'KRACK attacks' as context for public PoC based on vulnerability description and timing (2017).\\\", \\\"Inferred attack scenarios from technical description and WPA2 protocol knowledge.\\\"],\\n \\\"confidence\\\": \\\"Medium-High: Core vulnerability details and affected products are well-documented, but missing fixed versions and explicit exploitation evidence limit precision.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\\\",\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"71\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-18187\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-18187\\\",\\n \\\"title\\\": \\\"ARM mbed TLS PSK Identity Parsing Integer Overflow Bounds-Check Bypass\\\",\\n \\\"short_description\\\": \\\"ARM mbed TLS versions before 2.7.0 contain an integer overflow in the ssl_parse_client_psk_identity() function within library/ssl_srv.c, enabling bounds-check bypass during PSK identity parsing.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows remote attackers to bypass bounds checks via integer overflow, potentially leading to out-of-bounds memory access, information disclosure, or remote code execution in TLS server contexts using PSK key exchange. The flaw resides in a core TLS parsing function exposed to network clients, making it remotely exploitable without authentication and with low attack complexity.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-190\\\"],\\n \\\"weakness_summary\\\": \\\"Integer overflow in PSK identity parsing leading to bounds-check bypass.\\\",\\n \\\"attack_surface\\\": \\\"TLS server component handling PSK key exchange; exposed to unauthenticated network clients during TLS handshake.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No explicit evidence of in-the-wild exploitation or public PoC was found in the input data. Exploitability is inferred as Medium due to the critical CVSS score, network-accessible attack vector, and low complexity, but the absence of documented exploits reduces immediate urgency.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.0 base score 9.8 with network attack vector and low complexity\\\", \\\"No explicit PoC or active exploitation indicators present in input data\\\", \\\"EPSS score 0.00563 (low exploitation probability as of 2025-11-23)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Critical severity (CVSS 9.8) with network-accessible attack surface and potential for RCE, but no confirmed active exploitation. Requires immediate verification of affected mbed TLS versions in enterprise assets, especially internet-facing TLS servers using PSK.\\\",\\n \\\"recommended_sla\\\": \\\"Verify exposure within 24 hours; patch or mitigate within 7 days if vulnerable assets are identified.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality, integrity, and availability impact (C:H/I:H/A:H) due to potential memory corruption, information disclosure, or remote code execution.\\\",\\n \\\"technical_impact_details\\\": \\\"Integer overflow during PSK identity parsing can bypass bounds checks, leading to out-of-bounds read/write, heap corruption, or stack-based buffer overflow. Successful exploitation could compromise TLS session security, expose sensitive data, or grant attacker control over the affected server.\\\",\\n \\\"blast_radius\\\": \\\"Affects mbed TLS servers with PSK key exchange enabled, particularly internet-facing endpoints. Embedded devices and IoT deployments using mbed TLS may have widespread exposure.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"Critical technical severity with potential for complete system compromise, but mitigated by the requirement for PSK usage and absence of confirmed exploitation. Risk is elevated for organizations using mbed TLS in internet-facing or critical infrastructure contexts.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\", \\\"Debian Linux 8.0\\\", \\\"Debian Linux 9.0\\\"],\\n \\\"affected_versions\\\": \\\"ARM mbed TLS versions before 2.7.0; Debian Linux 8.0 and 9.0 (via embedded mbed TLS packages).\\\",\\n \\\"fixed_versions\\\": \\\"ARM mbed TLS 2.7.0 and later.\\\",\\n \\\"configuration_dependencies\\\": \\\"Vulnerability is triggered when mbed TLS server configuration supports PSK key exchange; clients must initiate TLS handshake with PSK identity.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing TLS servers using PSK authentication; internal systems with PSK-enabled mbed TLS are also at risk if attackers gain network access.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Code Execution via PSK Identity Overflow\\\",\\n \\\"attacker_goal\\\": \\\"Execute arbitrary code on vulnerable mbed TLS server.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker initiates TLS handshake with maliciously crafted PSK identity triggering integer overflow\\\", \\\"Integer overflow bypasses bounds check, enabling out-of-bounds memory write\\\", \\\"Attacker exploits memory corruption to achieve RCE or crash the server\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing mbed TLS servers with PSK key exchange enabled; embedded devices and IoT endpoints using mbed TLS.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Information Disclosure via Out-of-Bounds Read\\\",\\n \\\"attacker_goal\\\": \\\"Leak sensitive memory contents from the TLS server process.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker sends crafted PSK identity causing integer overflow and bounds-check bypass\\\", \\\"Server parses PSK identity and reads memory beyond allocated buffer\\\", \\\"Attacker extracts leaked memory contents from TLS handshake response or error messages\\\"],\\n \\\"likely_targets\\\": \\\"mbed TLS servers in shared hosting environments or containers where memory may contain credentials or session data from other processes.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade mbed TLS to version 2.7.0 or later to resolve the integer overflow vulnerability.\\\",\\n \\\"Disable PSK key exchange in mbed TLS server configurations if not required for operational needs.\\\",\\n \\\"Implement network segmentation and firewall rules to restrict access to mbed TLS services, limiting exposure to untrusted networks.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disabling PSK key exchange in server configurations eliminates the attack vector; however, this may not be feasible if PSK is required for client authentication.\\\",\\n \\\"patching_notes\\\": \\\"Apply mbed TLS 2.7.0+ updates during scheduled maintenance windows; test patches in non-production environments to ensure compatibility with existing PSK clients.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all systems and applications using mbed TLS, checking for versions prior to 2.7.0.\\\",\\n \\\"Verify PSK key exchange configuration in mbed TLS server settings; confirm if PSK is actively used by clients.\\\",\\n \\\"After patching, perform TLS handshake testing with PSK clients to ensure continued functionality and absence of regression.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of mbed TLS configuration files and binaries before patching; prepare rollback procedures if patch causes service disruption.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor TLS handshake logs for anomalous PSK identity lengths or repeated handshake failures from single sources.\\\",\\n \\\"Deploy network IDS/IPS rules to detect crafted TLS packets with oversized PSK identity fields targeting mbed TLS servers.\\\",\\n \\\"Use endpoint monitoring to identify unexpected process crashes or memory corruption in mbed TLS server applications.\\\",\\n \\\"Hunt for network scans or exploitation attempts targeting TCP port 443 (or custom TLS ports) with PSK-related payloads.\\\",\\n \\\"Correlate SIEM alerts for outbound connections from internal systems to known malicious IPs following mbed TLS server compromise.\\\",\\n \\\"Review vulnerability scan reports to identify unpatched mbed TLS versions in enterprise asset inventory.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00563\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium relevance; mbed TLS is widely used in embedded systems and IoT devices, potentially affecting downstream products.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory link\\\", \\\"Proof-of-concept exploit availability\\\", \\\"CISA KEV status\\\", \\\"Ransomware campaign associations\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd reports 0.5600 while cves_epss reports 0.00563; cves_epss value (0.00563) is prioritized as it is explicitly sourced from EPSS with a 2025-11-23 date.\\\"],\\n \\\"assumptions_made\\\": [\\\"PSK key exchange must be enabled for exploitation; assumed based on vulnerability description.\\\", \\\"Debian Linux 8.0/9.0 inclusion implies mbed TLS packages in these distributions are affected.\\\"],\\n \\\"confidence\\\": \\\"Medium confidence due to absence of explicit vendor advisory details and PoC information; CVSS and CPE data are reliable.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.securityfocus.com/bid/103055\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/blob/master/ChangeLog\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"47\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-13080\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-13080\\\",\\n \\\"title\\\": \\\"WPA2 Group Temporal Key (GTK) Reinstallation Vulnerability\\\",\\n \\\"short_description\\\": \\\"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers within radio range to replay group-addressed frames by forcing GTK reinstallation, potentially leading to decryption of multicast/broadcast traffic and injection of malicious frames. It affects core WPA2 implementations across operating systems and Wi-Fi infrastructure, undermining the confidentiality and integrity of Wi-Fi communications.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-323\\\"],\\n \\\"weakness_summary\\\": \\\"Key reinstallation attack allowing replay of group-addressed frames due to improper GTK reinstallation during handshake.\\\",\\n \\\"attack_surface\\\": \\\"Wi-Fi group key handshake; requires attacker within radio range to intercept and replay frames.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"Attack requires proximity to target Wi-Fi network and ability to capture/replay handshake frames; complexity is high due to timing constraints.\\\",\\n \\\"evidence_signals\\\": [\\\"Public research demonstrated practical exploitation (KRACK attacks)\\\", \\\"Multiple vendor advisories and patches released\\\", \\\"EPSS score indicates low real-world exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Wi-Fi radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High (requires precise timing and radio proximity)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium CVSS with high attack complexity and no evidence of widespread exploitation; patching should be scheduled within standard maintenance windows for affected Wi-Fi infrastructure and clients.\\\",\\n \\\"recommended_sla\\\": \\\"30-60 days for infrastructure components; 60-90 days for client devices\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity compromise (I) with potential confidentiality impact (C) on multicast/broadcast traffic.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can replay group-addressed frames and potentially decrypt multicast traffic; no direct availability impact but could enable further attacks.\\\",\\n \\\"blast_radius\\\": \\\"All WPA2-enabled devices within radio range; particularly impacts environments with dense Wi-Fi deployments or public hotspots.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate risk due to requirement for physical proximity and high attack complexity; however, successful exploitation could compromise sensitive multicast communications in enterprise environments.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Ubuntu Linux\\\", \\\"Debian Linux\\\", \\\"FreeBSD\\\", \\\"Red Hat Enterprise Linux\\\", \\\"SUSE Linux Enterprise\\\", \\\"OpenSUSE Leap\\\"],\\n \\\"affected_versions\\\": \\\"Multiple versions of hostapd and wpa_supplicant up to 2.6; various OS distributions including Ubuntu 14.04/16.04/17.04, Debian 8.0/9.0, FreeBSD 10/11, RHEL 7, SUSE Linux Enterprise 11/12\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires WPA2-enabled Wi-Fi networks; affects both access points (hostapd) and client devices (wpa_supplicant).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing Wi-Fi networks and public hotspots; moderate for internal enterprise networks with physical security controls.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Enterprise Network Eavesdropping\\\",\\n \\\"attacker_goal\\\": \\\"Decrypt multicast traffic and inject malicious frames into corporate Wi-Fi network\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within radio range of target enterprise Wi-Fi network\\\", \\\"Captures group key handshake frames between access point and clients\\\", \\\"Forces GTK reinstallation by replaying handshake messages\\\", \\\"Decrypts multicast/broadcast traffic and potentially injects malicious content\\\"],\\n \\\"likely_targets\\\": \\\"Corporate offices, conference rooms, public areas with Wi-Fi access\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Public Hotspot Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Intercept and manipulate traffic at public Wi-Fi locations\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker sets up monitoring equipment near coffee shop or airport Wi-Fi\\\", \\\"Exploits GTK reinstallation vulnerability in public access point\\\", \\\"Captures multicast traffic from multiple connected clients\\\", \\\"Uses intercepted data for further attacks or surveillance\\\"],\\n \\\"likely_targets\\\": \\\"Public Wi-Fi hotspots, airports, hotels, cafes\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management and Network Segmentation\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor patches to all affected Wi-Fi access points and client devices, prioritizing internet-facing infrastructure first.\\\",\\n \\\"Implement network segmentation to isolate critical systems from Wi-Fi networks and limit multicast traffic exposure.\\\",\\n \\\"Deploy Wi-Fi monitoring solutions to detect frame replay attempts and anomalous handshake patterns.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable Wi-Fi where possible; use wired connections for sensitive communications; implement additional encryption layers (VPN) for critical traffic.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with change control processes; test patches in non-production environment first; ensure compatibility with existing Wi-Fi infrastructure.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify patch installation on all affected systems using vulnerability scanning tools.\\\",\\n \\\"Test Wi-Fi connectivity and performance after patching to ensure no service degradation.\\\",\\n \\\"Monitor for any unusual network activity or authentication failures post-patch.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch configurations and drivers; prepare rollback procedures for critical systems; monitor for compatibility issues with legacy devices.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated group key handshake attempts or unusual 4-way handshake patterns\\\",\\n \\\"Deploy Wi-Fi IDS/IPS systems to detect frame replay attacks and GTK reinstallation attempts\\\",\\n \\\"Analyze wireless logs for authentication anomalies and repeated deauthentication events\\\",\\n \\\"Use network monitoring tools to detect unexpected multicast traffic patterns or injection attempts\\\",\\n \\\"Implement endpoint detection for systems experiencing multiple Wi-Fi reconnection events\\\",\\n \\\"Hunt for devices exhibiting signs of key reinstallation attacks through behavioral analysis\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01195 (1.195% exploitation probability)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - affects core Wi-Fi implementations across multiple vendors and operating systems\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"CISA KEV status\\\", \\\"Specific exploit references\\\", \\\"Vendor patch links\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (1.1600 vs 0.01195)\\\", \\\"Limited information on current exploitation status\\\"],\\n \\\"assumptions_made\\\": [\\\"Public PoC status inferred from KRACK research publications\\\", \\\"Medium triage category based on CVSS and attack complexity\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear but missing current exploitation intelligence and specific patch information\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\\\",\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"62\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-27803\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-27803\\\",\\n \\\"title\\\": \\\"wpa_supplicant P2P Provision Discovery Request Processing Vulnerability\\\",\\n \\\"short_description\\\": \\\"A vulnerability in wpa_supplicant before version 2.10 allows an attacker within radio range to cause denial of service or potentially execute arbitrary code by sending specially crafted P2P (Wi-Fi Direct) provision discovery requests.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects the core Wi-Fi authentication daemon used across Linux distributions and embedded systems. An attacker within radio range can potentially crash the service or execute arbitrary code without authentication, impacting device availability and integrity. The risk is elevated for devices with Wi-Fi enabled in environments with untrusted users nearby.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Improper handling of P2P provision discovery requests in p2p/p2p_pd.c leading to potential memory corruption or denial of service.\\\",\\n \\\"attack_surface\\\": \\\"Wi-Fi radio interface (802.11); requires proximity to target device with active Wi-Fi Direct/P2P capability.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires physical proximity (adjacent network vector) and high attack complexity. No evidence of active exploitation found in input data.\\\",\\n \\\"evidence_signals\\\": [\\\"No CISA KEV listing\\\", \\\"No public PoC references in input\\\", \\\"EPSS score suggests moderate exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score but requires physical proximity and high attack complexity. No evidence of active exploitation. Priority should be given to devices in public/shared spaces with Wi-Fi enabled.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general devices; 30 days for publicly accessible systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High (Confidentiality/Integrity/Availability)\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation could lead to denial of service (service crash) or potential arbitrary code execution with system privileges. Memory corruption in critical Wi-Fi daemon.\\\",\\n \\\"blast_radius\\\": \\\"All devices running wpa_supplicant <2.10 with Wi-Fi enabled, particularly those in shared/public environments.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to proximity requirement and high complexity. Risk increases for organizations with publicly accessible Wi-Fi infrastructure or IoT devices in uncontrolled environments.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"wpa_supplicant\\\", \\\"Fedora 32\\\", \\\"Fedora 33\\\", \\\"Fedora 34\\\", \\\"Debian Linux 9.0\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"wpa_supplicant versions before 2.10\\\",\\n \\\"fixed_versions\\\": \\\"wpa_supplicant 2.10 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires Wi-Fi interface with P2P/Wi-Fi Direct capability enabled\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices with Wi-Fi enabled in public/shared spaces are at higher risk due to proximity attack vector\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Public Wi-Fi DoS Attack\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt Wi-Fi connectivity of target devices\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within radio range of target device\\\", \\\"Crafts malicious P2P provision discovery request\\\", \\\"Transmits packet causing wpa_supplicant crash\\\"],\\n \\\"likely_targets\\\": \\\"Public-facing kiosks, IoT devices, corporate laptops in shared workspaces\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Code Execution Attempt\\\",\\n \\\"attacker_goal\\\": \\\"Gain control of target device through memory corruption\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker researches memory layout of wpa_supplicant\\\", \\\"Crafts exploit payload in P2P provision discovery request\\\", \\\"Attempts to trigger arbitrary code execution\\\"],\\n \\\"likely_targets\\\": \\\"Devices with outdated wpa_supplicant in security-sensitive environments\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade wpa_supplicant to version 2.10 or later on all affected systems.\\\",\\n \\\"Disable Wi-Fi Direct/P2P functionality on devices where this feature is not required.\\\",\\n \\\"Implement network segmentation to limit exposure of Wi-Fi enabled devices to untrusted networks.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable P2P/Wi-Fi Direct features in wpa_supplicant configuration if not needed\\\",\\n \\\"patching_notes\\\": \\\"Verify compatibility with existing Wi-Fi infrastructure before deployment. Test in non-production environment first.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Check current wpa_supplicant version using 'wpa_supplicant -v' command.\\\",\\n \\\"Verify P2P functionality status in configuration files.\\\",\\n \\\"Test Wi-Fi connectivity after patching to ensure no service disruption.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous wpa_supplicant version and configuration files before updating\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor wpa_supplicant process crashes in system logs (journalctl, dmesg)\\\",\\n \\\"Alert on unusual P2P provision discovery request patterns in Wi-Fi monitoring tools\\\",\\n \\\"Scan network for devices with outdated wpa_supplicant versions using vulnerability scanners\\\",\\n \\\"Monitor for unexpected Wi-Fi service restarts or connectivity issues\\\",\\n \\\"Hunt for malformed 802.11 frames in wireless packet captures\\\",\\n \\\"Track EPSS score changes and emerging exploit intelligence\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.2800 (cves_euvd) / 0.00283 (cves_epss)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects multiple Linux distributions and embedded systems using wpa_supplicant\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identifier\\\", \\\"Detailed vendor advisory link\\\", \\\"Specific patch availability dates\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"Conflicting EPSS scores between sources (0.2800 vs 0.00283)\\\"],\\n \\\"assumptions_made\\\": [\\\"High attack complexity inferred from CVSS AC:H metric\\\", \\\"Physical proximity required based on AV:A vector\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed but exploitability assessment limited by lack of technical details\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.openwall.com/lists/oss-security/2021/02/27/1\\\",\\n \\\"https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"50\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-13084\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-13084\\\",\\n \\\"title\\\": \\\"WPA2 STSL Transient Key Reinstallation Vulnerability (KRACK)\\\",\\n \\\"short_description\\\": \\\"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers within radio range to force nonce reuse by reinstalling an already-in-use STK, leading to packet decryption, replay, and potential data injection. It undermines the confidentiality and integrity assurances of WPA2 for PeerKey (STSL) handshakes, exposing sensitive traffic without requiring authentication or user interaction.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"6.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-323: Reusing a Nonce, Key Pair in Encryption\\\"],\\n \\\"weakness_summary\\\": \\\"The flaw allows reinstallation of the STSL Transient Key during the PeerKey handshake, causing nonce reuse and breaking cryptographic protections for frames.\\\",\\n \\\"attack_surface\\\": \\\"Wi-Fi clients and access points using WPA/WPA2 with PeerKey (STSL) handshake support; attacker must be within radio range.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"Attackers within radio range can trigger key reinstallation by manipulating handshake messages, leading to nonce reuse and frame decryption/injection.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"Widely publicized as part of the KRACK attacks; multiple proof-of-concept demonstrations exist.\\\",\\n \\\"High EPSS percentile (75.387%) suggests elevated exploitation likelihood relative to other CVEs.\\\",\\n \\\"No explicit in-the-wild exploitation signals present in the input data.\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Wi-Fi radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High (requires precise timing and radio access)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 6.8 MEDIUM with High attack complexity and adjacent network access; no evidence of active exploitation in input data. Prioritize patching during next maintenance window for affected Wi-Fi infrastructure and clients.\\\",\\n \\\"recommended_sla\\\": \\\"30 days\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality and Integrity compromise of Wi-Fi frames; Availability not directly affected.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows decryption of encrypted frames, replay of packets, and potential injection of malicious data. Does not reveal the Wi-Fi password or permit full session hijacking.\\\",\\n \\\"blast_radius\\\": \\\"All Wi-Fi clients and access points using WPA/WPA2 with PeerKey (STSL) handshake within radio range of an attacker.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate risk due to adjacent-network requirement and high attack complexity, but impact includes exposure of sensitive data in transit. Risk increases in environments with high-density Wi-Fi usage or critical wireless-dependent operations.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\n \\\"w1.fi hostapd (multiple versions 0.2.4–2.6)\\\",\\n \\\"w1.fi wpa_supplicant (multiple versions 0.2.4–2.6)\\\",\\n \\\"Canonical Ubuntu Linux (14.04 LTS, 16.04 LTS, 17.04)\\\",\\n \\\"Debian Linux (8.0, 9.0)\\\",\\n \\\"FreeBSD (multiple versions)\\\",\\n \\\"Red Hat Enterprise Linux Desktop/Server 7\\\",\\n \\\"SUSE Linux Enterprise (multiple versions)\\\"\\n ],\\n \\\"affected_versions\\\": \\\"Multiple versions of hostapd, wpa_supplicant, and various Linux/BSD distributions as listed in CPEs.\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires Wi-Fi interfaces using WPA/WPA2 with PeerKey (STSL) handshake enabled.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Indirect; attackers must be within radio range, but internet-facing Wi-Fi networks increase exposure.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Wireless Eavesdropping and Data Exfiltration\\\",\\n \\\"attacker_goal\\\": \\\"Decrypt sensitive data transmitted over Wi-Fi without authentication.\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker positions within radio range of target Wi-Fi network.\\\",\\n \\\"Attacker injects forged handshake messages to trigger STK reinstallation.\\\",\\n \\\"Attacker captures encrypted frames and decrypts using reused nonce.\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Organizations with unpatched Wi-Fi infrastructure handling sensitive data (e.g., healthcare, finance).\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Frame Injection and Manipulation\\\",\\n \\\"attacker_goal\\\": \\\"Inject malicious packets or replay legitimate traffic to disrupt operations.\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker forces STK reinstallation via handshake manipulation.\\\",\\n \\\"Attacker crafts malicious frames using compromised nonce.\\\",\\n \\\"Attacker injects packets to trigger unauthorized actions or disrupt services.\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Industrial control systems or IoT devices relying on Wi-Fi connectivity.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided patches for hostapd, wpa_supplicant, and operating systems to prevent key reinstallation.\\\",\\n \\\"Disable PeerKey (STSL) handshake on Wi-Fi clients and access points if not required for operations.\\\",\\n \\\"Enforce WPA3 adoption where feasible to leverage improved cryptographic protections and forward secrecy.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with network operations to minimize disruption; prioritize internet-facing or high-sensitivity Wi-Fi segments.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify installed versions of hostapd and wpa_supplicant against patched releases from vendors.\\\",\\n \\\"Test Wi-Fi connectivity post-patch to ensure no functional regressions.\\\",\\n \\\"Monitor for anomalous handshake patterns or nonce reuse indicators using wireless intrusion detection systems.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of Wi-Fi configuration and firmware; plan rollback procedures if patching causes connectivity issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated PeerKey handshake messages or anomalous STK reinstallation attempts using wireless IDS/IPS.\\\",\\n \\\"Correlate Wi-Fi deauthentication/disassociation events with subsequent handshake manipulation patterns.\\\",\\n \\\"Hunt for nonce reuse indicators in decrypted packet captures (requires specialized tools).\\\",\\n \\\"Alert on unexpected Wi-Fi clients exhibiting key reinstallation behavior or injection of forged frames.\\\",\\n \\\"Leverage endpoint logs (e.g., wpa_supplicant logs) to detect handshake anomalies or key reinstallation events.\\\",\\n \\\"Deploy network segmentation to isolate critical assets from potentially compromised Wi-Fi segments.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00932 (percentile: 0.75387)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High; affects widely used Wi-Fi implementations (hostapd, wpa_supplicant) across multiple OS distributions.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Fixed versions not specified in input data.\\\",\\n \\\"No explicit mention of in-the-wild exploitation or PoC references.\\\",\\n \\\"Workarounds not detailed in input data.\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS score discrepancy: EUVD reports 0.9300, while EPSS source reports 0.00932; using EPSS source value per authoritative guidance.\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"Assumed 'Public PoC' exploit status based on widespread KRACK-related demonstrations in public domain.\\\",\\n \\\"Inferred attack scenarios from vulnerability description and Wi-Fi security context.\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium-High\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\\\",\\n \\\"http://www.kb.cert.org/vuls/id/228519\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"56\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-9494\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-9494\\\",\\n \\\"title\\\": \\\"SAE Side-Channel Attack in hostapd and wpa_supplicant\\\",\\n \\\"short_description\\\": \\\"The implementations of Simultaneous Authentication of Equals (SAE) in hostapd and wpa_supplicant are vulnerable to side-channel attacks due to observable timing differences and cache access patterns. An attacker may leverage leaked information from a side-channel attack to achieve full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an attacker to recover the full Wi‑Fi password (PSK) through side-channel leakage during the SAE handshake, bypassing cryptographic protections. Successful exploitation grants the attacker persistent network access, enabling lateral movement, traffic interception, and potential credential harvesting. The attack targets the WPA3‑like SAE handshake and affects a wide range of embedded devices, access points, and clients using vulnerable hostapd/wpa_supplicant versions.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Side-channel leakage via timing and cache-access patterns during SAE password-element computations allows an attacker to infer the password through offline analysis of multiple handshake observations.\\\",\\n \\\"attack_surface\\\": \\\"Wi‑Fi SAE handshake (network protocol); requires proximity or network adjacency to observe handshake frames.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires an attacker to capture multiple SAE handshakes from the same network and perform offline cryptanalysis using timing/cache side-channel leakage to recover the password.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit in-the-wild exploitation signals found in input data\\\", \\\"No public PoC references present in input data\\\", \\\"Moderate CVSS Exploitability subscore due to High attack complexity\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Wi‑Fi) network access to observe SAE handshake frames\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High (requires multiple handshake captures and offline analysis)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"The vulnerability enables full password recovery but requires High attack complexity and proximity/adjacency to capture multiple handshakes. No evidence of active exploitation or public PoC exists in the input data. Prioritize patching during the next maintenance window for affected APs and clients.\\\",\\n \\\"recommended_sla\\\": \\\"90 days (align with standard patching cycle for medium-severity issues)\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: High (password recovery); Integrity: None; Availability: None\\\",\\n \\\"technical_impact_details\\\": \\\"An attacker who successfully recovers the Wi‑Fi password gains persistent network access, can decrypt traffic, perform MITM attacks, and pivot to internal resources. The attack does not cause service disruption.\\\",\\n \\\"blast_radius\\\": \\\"All devices using vulnerable hostapd or wpa_supplicant versions with SAE enabled on the same network; risk is localized to the attacked SSID.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to password recovery leading to unauthorized network access and potential data exposure. The High attack complexity and lack of known exploitation lower immediate urgency, but the impact is significant if exploited.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Synology Router Manager\\\", \\\"Synology RADIUS Server\\\", \\\"Fedora 28/29/30\\\", \\\"openSUSE Backports SLE 15.0/15.0 SP1\\\", \\\"openSUSE Leap 15.1\\\", \\\"FreeBSD 11.2/12.0 (multiple patch levels)\\\"],\\n \\\"affected_versions\\\": \\\"hostapd and wpa_supplicant prior to and including version 2.7\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"SAE (WPA3‑like) must be enabled on the access point or client; WPA3 transition mode or pure SAE networks are affected.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low (requires adjacent Wi‑Fi access); internet-facing relevance only if Wi‑Fi is bridged to internet-accessible infrastructure.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Password Recovery via Side-Channel\\\",\\n \\\"attacker_goal\\\": \\\"Recover the Wi‑Fi password to gain persistent network access.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within Wi‑Fi range and captures multiple SAE handshake frames from the target network.\\\", \\\"Attacker analyzes timing and cache-access patterns from the handshake captures to extract side-channel leakage.\\\", \\\"Attacker performs offline cryptanalysis to recover the password and authenticates to the network.\\\"],\\n \\\"likely_targets\\\": \\\"Access points and clients using vulnerable hostapd/wpa_supplicant with SAE enabled.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Insider or Adjacent Attacker\\\",\\n \\\"attacker_goal\\\": \\\"Escalate from guest/adjacent network to corporate Wi‑Fi access.\\\",\\n \\\"steps_high_level\\\": [\\\"Insider or adjacent attacker monitors SAE handshapes on the corporate SSID from a nearby location.\\\", \\\"Attacker collects sufficient side-channel observations and recovers the PSK offline.\\\", \\\"Attacker uses recovered credentials to join the corporate network and pivot to internal systems.\\\"],\\n \\\"likely_targets\\\": \\\"Corporate or high-security Wi‑Fi networks using SAE with vulnerable implementations.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade hostapd and wpa_supplicant to versions beyond 2.7 that include side-channel-resistant SAE implementations.\\\",\\n \\\"Apply vendor-specific patches for embedded devices (e.g., Synology, FreeBSD) and update firmware on affected access points and clients.\\\",\\n \\\"If patching is delayed, consider disabling SAE and using WPA2-Enterprise with 802.1X to reduce exposure while planning upgrades.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable SAE and use WPA2-Enterprise with 802.1X; restrict Wi‑Fi signal propagation to minimize adjacent-network exposure; monitor for unauthorized devices joining the network.\\\",\\n \\\"patching_notes\\\": \\\"Verify that patched versions implement constant-time SAE operations; test compatibility with existing clients before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Check hostapd and wpa_supplicant version numbers on APs and clients to confirm they are updated beyond 2.7.\\\",\\n \\\"Verify SAE functionality remains operational post-patch and no authentication regressions occur.\\\",\\n \\\"Monitor authentication logs for anomalies and use NAC/802.1X to detect unauthorized devices.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"If patching causes connectivity issues, roll back to previous firmware/software and re-enable WPA2-Enterprise while pursuing alternative mitigations.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for multiple SAE authentication attempts or handshake retries from the same client MAC within a short window.\\\",\\n \\\"Alert on clients failing SAE authentication repeatedly, which may indicate probing or side-channel data collection.\\\",\\n \\\"Hunt for new devices joining the network shortly after unusual SAE handshake patterns are observed.\\\",\\n \\\"Use Wi‑Fi IDS/IPS to detect off-channel scanning or handshake capture attempts near sensitive network boundaries.\\\",\\n \\\"Correlate RADIUS or NAC logs with Wi‑Fi events to identify unauthorized devices using recovered credentials.\\\",\\n \\\"Perform periodic credential audits and rotate Wi‑Fi passwords, especially if SAE handshake anomalies are detected.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01538 (percentile 0.80770) as of 2025-11-23\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium (embedded devices and Linux distributions bundle vulnerable hostapd/wpa_supplicant; patching requires vendor firmware updates)\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions not explicitly listed\\\", \\\"Vendor patch links not provided\\\", \\\"No explicit mention of CISA KEV or in-the-wild exploitation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: EUVD reports 1.5700 while EPSS source reports 0.01538; using EPSS source value per authoritative preference\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed SAE is enabled in affected environments; impact is lower if SAE is not used\\\", \\\"Assumed attacker has proximity/adjacency to capture handshakes\\\"],\\n \\\"confidence\\\": \\\"Medium (core vulnerability details are clear, but missing fixed versions and vendor advisories limit precision)\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\\\",\\n \\\"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"78\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-19608\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-19608\\\",\\n \\\"title\\\": \\\"Arm Mbed TLS RSA Decryption Plaintext Recovery Vulnerability\\\",\\n \\\"short_description\\\": \\\"Arm Mbed TLS before 2.14.1, 2.7.8, and 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption used in RSA-without-(EC)DH(E) cipher suites.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables a local attacker without elevated privileges to recover RSA decrypted plaintext, compromising confidentiality of TLS sessions that rely on RSA key exchange without ephemeral Diffie-Hellman. While it requires local access and high attack complexity, successful exploitation could expose sensitive data transmitted over affected TLS connections. The vulnerability affects multiple versions of Mbed TLS, a widely used cryptographic library in embedded systems and IoT devices.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"4.7\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Cryptographic weakness in RSA decryption implementation allowing plaintext recovery in specific cipher suite configurations\\\",\\n \\\"attack_surface\\\": \\\"Local access to systems running vulnerable Mbed TLS versions with RSA-without-(EC)DH(E) cipher suites enabled\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Low\\\",\\n \\\"exploit_summary\\\": \\\"Local attacker with low privileges can recover RSA decryption plaintext under specific cipher suite configurations, but requires high attack complexity\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation mentioned in input data\\\", \\\"EPSS score indicates low exploitation probability (0.00240)\\\", \\\"Vulnerability published in 2018 with no active exploitation signals\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Local\\\",\\n \\\"authentication_required\\\": \\\"Not required\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity vulnerability with local access requirement and high attack complexity reduces immediate risk, but affects cryptographic library integrity requiring scheduled patching within standard maintenance windows\\\",\\n \\\"recommended_sla\\\": \\\"90 days for non-internet facing systems, 30 days for internet-facing or high-sensitivity systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: High, Integrity: None, Availability: None\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows recovery of RSA-decrypted plaintext, potentially exposing sensitive session data, credentials, or encrypted communications\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems running vulnerable Mbed TLS versions with RSA-without-(EC)DH(E) cipher suites; primarily affects embedded systems and IoT devices using this specific cryptographic configuration\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Local access requirement and high attack complexity significantly limit exploitability; however, cryptographic vulnerabilities warrant attention due to potential long-term security implications and the library's use in embedded systems where patching may be challenging\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"Versions before 2.14.1, before 2.7.8, and before 2.1.17\\\",\\n \\\"fixed_versions\\\": \\\"2.14.1, 2.7.8, 2.1.17 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires RSA-without-(EC)DH(E) cipher suites to be enabled and actively used\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Medium - affects TLS implementations that may be exposed to network traffic, though local access is required for exploitation\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Local Cryptographic Attack on Embedded Device\\\",\\n \\\"attacker_goal\\\": \\\"Recover sensitive data from TLS sessions using vulnerable cipher suites\\\",\\n \\\"steps_high_level\\\": [\\\"Gain local access to system running vulnerable Mbed TLS version\\\", \\\"Identify active TLS connections using RSA-without-(EC)DH(E) cipher suites\\\", \\\"Execute timing or side-channel analysis to recover RSA decryption plaintext\\\"],\\n \\\"likely_targets\\\": \\\"Embedded systems, IoT devices, network equipment using Mbed TLS with vulnerable cipher suite configurations\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.14.1, 2.7.8, or 2.1.17 immediately\\\", \\\"Disable RSA-without-(EC)DH(E) cipher suites in favor of ECDHE-based cipher suites\\\", \\\"Implement network segmentation to limit local access to systems using Mbed TLS\\\"],\\n \\\"workarounds\\\": \\\"Disable vulnerable RSA cipher suites and enforce ECDHE-based key exchange; implement strict access controls to limit local system access\\\",\\n \\\"patching_notes\\\": \\\"Multiple version branches require updating; ensure compatibility testing for embedded systems before deployment\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version is 2.14.1, 2.7.8, or 2.1.17 or later using version detection tools\\\", \\\"Confirm RSA-without-(EC)DH(E) cipher suites are disabled in TLS configuration\\\", \\\"Test TLS handshake negotiation to ensure only secure cipher suites are accepted\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS configuration and binaries; test rollback procedures for embedded systems where library updates may affect functionality\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected local access attempts to systems running Mbed TLS\\\",\\n \\\"Detect use of RSA-without-(EC)DH(E) cipher suites in TLS handshakes\\\",\\n \\\"Alert on cryptographic library version mismatches indicating unpatched systems\\\",\\n \\\"Hunt for side-channel attack patterns or unusual cryptographic operations\\\",\\n \\\"Monitor network traffic for plaintext recovery attempts or unusual decryption patterns\\\",\\n \\\"Implement file integrity monitoring for Mbed TLS library files and configuration\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00240\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems and IoT devices; vulnerability could affect multiple downstream products\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identification\\\", \\\"Detailed technical vulnerability description\\\", \\\"Specific exploit mechanism details\\\", \\\"Vendor contact information\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy between sources (0.2400 vs 0.00240) - using 0.00240 from EPSS source as more recent\\\"],\\n \\\"assumptions_made\\\": [\\\"Local access implies physical or authenticated remote access to target system\\\", \\\"RSA-without-(EC)DH(E) cipher suites are in use for vulnerability to be exploitable\\\", \\\"Embedded systems may have delayed patching cycles\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but technical specifics and current exploitation status are limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://cat.eyalro.net/\\\",\\n \\\"https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"70\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-14032\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-14032\\\",\\n \\\"title\\\": \\\"ARM mbed TLS X.509 Certificate Chain Authentication Bypass\\\",\\n \\\"short_description\\\": \\\"ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, when optional authentication is configured, allows remote attackers to bypass peer authentication by presenting an X.509 certificate chain with many intermediates.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers to bypass peer authentication in TLS connections when optional authentication is enabled, potentially leading to unauthorized access, man-in-the-middle attacks, and compromise of encrypted communication channels. The issue affects a widely used cryptographic library embedded in IoT devices, network appliances, and custom applications, making it relevant for enterprises with diverse device fleets and custom TLS implementations.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"8.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-295\\\"],\\n \\\"weakness_summary\\\": \\\"Improper certificate validation allows bypass of peer authentication through certificate chain manipulation\\\",\\n \\\"attack_surface\\\": \\\"TLS handshake processing; X.509 certificate chain validation logic\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires network access and the ability to craft a certificate chain with many intermediates, but no authentication or user interaction. Attack complexity is high due to the need for specific chain construction.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"No public PoC references in input data\\\", \\\"EPSS score suggests low current exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (8.1) with complete CIA impact, but high attack complexity and no evidence of active exploitation. The vulnerability requires optional authentication configuration and specific certificate chain construction, limiting immediate risk. Priority should focus on identifying affected deployments and scheduling updates during regular maintenance windows.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for identification and patching\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete compromise of confidentiality, integrity, and availability of TLS-protected communications\\\",\\n \\\"technical_impact_details\\\": \\\"Authentication bypass enables unauthorized access to protected services, potential decryption of sensitive data in transit, and man-in-the-middle positioning for further attacks\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems using mbed TLS with optional authentication enabled; potentially widespread in IoT and embedded devices\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to authentication bypass potential, but mitigated by high attack complexity and specific configuration requirements. Risk increases with internet-facing deployments and critical data transmission scenarios.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"mbed TLS before 1.3.21 and 2.x before 2.1.9\\\",\\n \\\"fixed_versions\\\": \\\"mbed TLS 1.3.21 and 2.1.9\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires optional authentication configuration to be enabled\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing services using mbed TLS with optional authentication\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"TLS Authentication Bypass via Certificate Chain Flooding\\\",\\n \\\"attacker_goal\\\": \\\"Bypass peer authentication to establish unauthorized TLS connection\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts X.509 certificate chain with excessive intermediate certificates\\\", \\\"Attacker initiates TLS handshake with target server configured with optional authentication\\\", \\\"Target's mbed TLS implementation fails to properly validate the chain depth, allowing authentication bypass\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices, embedded systems, custom applications using mbed TLS with optional authentication\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Man-in-the-Middle Against mbed TLS Implementations\\\",\\n \\\"attacker_goal\\\": \\\"Intercept and potentially modify encrypted communications\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions between client and server using mbed TLS\\\", \\\"Attacker presents manipulated certificate chain during handshake\\\", \\\"Authentication bypass allows establishment of MITM position for traffic interception\\\"],\\n \\\"likely_targets\\\": \\\"Network appliances, industrial control systems, mobile applications using affected mbed TLS versions\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade mbed TLS to version 1.3.21 or 2.1.9 immediately for affected deployments\\\", \\\"Review and audit all systems using mbed TLS to identify those with optional authentication enabled\\\", \\\"Implement network segmentation and monitoring for systems that cannot be immediately patched\\\"],\\n \\\"workarounds\\\": \\\"Disable optional authentication if not required; implement certificate pinning where feasible\\\",\\n \\\"patching_notes\\\": \\\"Verify that patching does not break existing certificate validation workflows; test in non-production environments first\\\",\\n \\\"verification_steps\\\": [\\\"Confirm mbed TLS version is 1.3.21 or 2.1.9 after update\\\", \\\"Test TLS handshake with various certificate chain configurations\\\", \\\"Validate that authentication bypass is no longer possible\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous mbed TLS version and configuration; ensure rollback procedures are tested\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor TLS handshake logs for unusual certificate chain lengths or structures\\\",\\n \\\"Alert on connection attempts with certificate chains containing excessive intermediate certificates\\\",\\n \\\"Implement certificate validation failure monitoring for mbed TLS implementations\\\",\\n \\\"Hunt for network traffic patterns suggesting authentication bypass attempts\\\",\\n \\\"Monitor for unexpected service access or connection establishments in systems using mbed TLS\\\",\\n \\\"Review certificate chain validation logs for depth limit violations\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00075\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - affects cryptographic library used in embedded systems and IoT devices across multiple vendors\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed technical analysis of the vulnerability mechanism\\\", \\\"Vendor-specific advisory links\\\", \\\"Information about affected downstream products\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (0.0800 vs 0.00075)\\\", \\\"CPE list in input shows some affected versions as potentially fixed (e.g., 1.3.21, 2.1.9)\\\"],\\n \\\"assumptions_made\\\": [\\\"Optional authentication configuration is required for exploitation\\\", \\\"High attack complexity based on CVSS vector analysis\\\", \\\"No active exploitation based on absence of evidence in input data\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited information about current exploitation status and downstream impact\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.debian.org/security/2017/dsa-3967\\\",\\n \\\"https://bugs.debian.org/873557\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"43\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2016-4476\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2016-4476\\\",\\n \\\"title\\\": \\\"hostapd and wpa_supplicant WPS Passphrase DoS Vulnerability\\\",\\n \\\"short_description\\\": \\\"hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject newline and carriage return characters in passphrase parameters during WPS operations, allowing remote attackers to cause a denial of service (daemon outage).\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to crash critical Wi-Fi authentication daemons by sending crafted WPS operations containing newline characters in passphrase fields. The impact is a persistent denial of service affecting wireless connectivity for all connected clients until the daemon is manually restarted. Given that hostapd and wpa_supplicant are foundational components for Wi-Fi infrastructure across enterprise access points, embedded systems, and Linux distributions, this creates a significant availability risk, particularly for environments relying on WPS functionality or where wireless networks are exposed to untrusted clients.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-20\\\"],\\n \\\"weakness_summary\\\": \\\"Improper input validation of special characters in passphrase parameters during WPS operations.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible WPS service interfaces on affected hostapd and wpa_supplicant instances.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"The vulnerability requires network access to WPS-enabled services but no authentication, user interaction, or elevated privileges. Attack complexity is low, making exploitation straightforward for attackers with network proximity.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of active exploitation in input data\\\", \\\"EPSS score suggests moderate exploitation likelihood\\\", \\\"Public disclosure occurred in 2016 with vendor advisories\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - attacker must reach WPS service interface\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"While the CVSS score indicates HIGH severity with network-accessible attack vector and no authentication requirements, the vulnerability dates to 2016 with no evidence of active exploitation. The DoS impact is significant but temporary (service restart required). Priority should focus on identifying exposed instances and scheduling patches during standard maintenance windows.\\\",\\n \\\"recommended_sla\\\": \\\"30 days for internet-facing systems; 90 days for internal networks\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (Complete service outage requiring manual intervention)\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation crashes the hostapd or wpa_supplicant daemon, terminating all active Wi-Fi connections and preventing new associations until service restart. No confidentiality or integrity impact.\\\",\\n \\\"blast_radius\\\": \\\"Single daemon instance per attack; however, widespread deployment across access points and client devices creates broad exposure surface. WPS-enabled networks are particularly vulnerable.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to availability impact on wireless infrastructure. Risk is elevated for organizations with critical Wi-Fi dependencies (IoT operations, wireless-first offices, embedded systems) but mitigated by the age of the vulnerability and lack of observed exploitation. Compensating controls like network segmentation and WPS disablement reduce exposure.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"hostapd\\\", \\\"wpa_supplicant\\\", \\\"Ubuntu Linux 14.04 ESM\\\", \\\"Ubuntu Linux 16.04 LTS\\\", \\\"Ubuntu Linux 17.04\\\"],\\n \\\"affected_versions\\\": \\\"hostapd 0.6.7 through 2.5; wpa_supplicant 0.6.7 through 2.5\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"WPS functionality must be enabled and network-accessible for exploitation\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - internet-facing access points with WPS enabled are directly exploitable by remote attackers\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"WPS DoS Attack on Enterprise Access Point\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt wireless connectivity for business operations\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies WPS-enabled access point on target network\\\", \\\"Craft malicious WPS message containing newline characters in passphrase field\\\", \\\"Send crafted packet to trigger daemon crash and service outage\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing access points, guest wireless networks, embedded devices with WPS enabled\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Coordinated Wireless Infrastructure Disruption\\\",\\n \\\"attacker_goal\\\": \\\"Degrade organizational wireless capabilities across multiple access points\\\",\\n \\\"steps_high_level\\\": [\\\"Map network for multiple vulnerable hostapd instances\\\", \\\"Launch simultaneous WPS DoS attacks against multiple access points\\\", \\\"Exploit management interface weaknesses to prevent rapid recovery\\\"],\\n \\\"likely_targets\\\": \\\"Organizations with homogeneous wireless infrastructure using affected hostapd versions\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor patches to upgrade hostapd and wpa_supplicant beyond version 2.5\\\",\\n \\\"Disable WPS functionality on all access points where not explicitly required for operations\\\",\\n \\\"Implement network segmentation to restrict WPS service access to trusted management networks only\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable WPS and implement rate limiting on WPS service ports as temporary measures\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with wireless infrastructure maintenance windows due to potential service interruption during updates\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify hostapd and wpa_supplicant versions are updated beyond 2.5 using package manager queries\\\",\\n \\\"Confirm WPS is disabled in configuration files and management interfaces\\\",\\n \\\"Test wireless connectivity and authentication functionality post-patch\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous configurations; ensure WPS disablement doesn't break legitimate use cases before permanent deployment\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor hostapd and wpa_supplicant process crashes using system logs and process monitoring tools\\\",\\n \\\"Alert on unusual WPS protocol traffic patterns or malformed WPS messages containing newline characters\\\",\\n \\\"Correlate wireless service outages with network scans or WPS enumeration activities\\\",\\n \\\"Search for repeated connection attempts to WPS service ports from single sources\\\",\\n \\\"Monitor for configuration changes that re-enable WPS functionality after hardening\\\",\\n \\\"Track EPSS score changes and threat intelligence feeds for exploitation activity\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00796\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Moderate - affects widely deployed open-source Wi-Fi components used across multiple Linux distributions and embedded systems\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Vendor patch availability\\\", \\\"Detailed exploit technical analysis\\\", \\\"CISA KEV status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (0.6100 vs 0.00796) - using most recent EPSS value of 0.00796\\\"],\\n \\\"assumptions_made\\\": [\\\"WPS functionality must be enabled for exploitation\\\", \\\"Manual service restart required for recovery\\\", \\\"No privilege escalation or code execution possible\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear but missing patch information and exploitation evidence limit complete assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.openwall.com/lists/oss-security/2016/05/03/12\\\",\\n \\\"http://www.ubuntu.com/usn/USN-3455-1\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"44\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-13077\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-13077\\\",\\n \\\"title\\\": \\\"WPA2 Four-Way Handshake PTK/TK Reinstallation Vulnerability (KRACK)\\\",\\n \\\"short_description\\\": \\\"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability fundamentally undermines WPA2's cryptographic guarantees by allowing an attacker to force nonce reuse, leading to key reinstallation and enabling decryption of traffic, packet replay, and potentially injection of malicious frames. It affects the core handshake mechanism used by virtually all modern Wi-Fi networks and devices, exposing sensitive data transmitted over what should be a protected wireless channel. The attack requires proximity but no authentication, making it a significant threat to enterprise Wi-Fi security, guest networks, and any wireless-dependent infrastructure.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"6.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-323: Reusing a Nonce, Key Pair in Encryption\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability allows reinstallation of the Pairwise Transient Key (PTK) and Temporal Key (TK) during the four-way handshake, breaking cryptographic nonce uniqueness and enabling key reuse attacks.\\\",\\n \\\"attack_surface\\\": \\\"Wireless networks using WPA or WPA2; specifically the 4-way handshake process between supplicants (clients) and authenticators (access points).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"Public proof-of-concept tools (e.g., KRACK attack scripts) demonstrate practical exploitation. Attack complexity is high due to timing requirements and the need to manipulate handshake messages precisely, but the attack surface is broad and well-documented.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"Publicly disclosed as part of the KRACK (Key Reinstallation Attack) research with detailed technical analysis.\\\",\\n \\\"Multiple vendor advisories acknowledging the vulnerability and providing patches.\\\",\\n \\\"Proof-of-concept code and demonstration videos widely available.\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (wireless radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High (requires precise timing and manipulation of handshake messages)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"While CVSS base score is MEDIUM, the vulnerability affects the core WPA2 protocol and has public PoCs. The primary risk is data confidentiality and integrity compromise over wireless networks. Immediate verification of patch status across all Wi-Fi infrastructure (APs, controllers) and client devices is required, especially for internet-exposed or sensitive network segments.\\\",\\n \\\"recommended_sla\\\": \\\"Verify patch status within 72 hours; apply patches within 14 days for critical assets, 30 days for others.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality and Integrity compromise (Availability not directly affected).\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers within radio range can decrypt Wi-Fi frames, replay packets, and potentially inject malicious traffic. This exposes unencrypted upper-layer protocols (HTTP, SMTP, etc.) and may enable session hijacking or credential theft. The attack does not recover the Wi-Fi password but breaks per-session encryption.\\\",\\n \\\"blast_radius\\\": \\\"All WPA/WPA2 wireless networks and connected clients within radio range of an attacker. Enterprise environments with dense Wi-Fi deployments, guest networks, and IoT devices are particularly exposed.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High business risk due to widespread exposure of wireless traffic, potential for data exfiltration, compliance violations (e.g., PCI-DSS for wireless networks), and reputational damage. While exploitation requires proximity, public areas, guest networks, and perimeter-adjacent offices are viable attack vectors.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\n \\\"w1.fi hostapd (multiple versions)\\\",\\n \\\"w1.fi wpa_supplicant (multiple versions)\\\",\\n \\\"Canonical Ubuntu Linux (14.04 LTS, 16.04 LTS, 17.04)\\\",\\n \\\"Debian Linux (8.0, 9.0)\\\",\\n \\\"FreeBSD (multiple versions)\\\",\\n \\\"Red Hat Enterprise Linux (Desktop 7, Server 7)\\\",\\n \\\"SUSE Linux Enterprise (multiple versions)\\\",\\n \\\"OpenSUSE Leap (42.2, 42.3)\\\"\\n ],\\n \\\"affected_versions\\\": \\\"Multiple versions of hostapd, wpa_supplicant, and various Linux/Unix operating systems as listed in CPE data.\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Any configuration using WPA or WPA2 (personal or enterprise) is affected. WPA3 is not affected. TKIP and CCMP are both vulnerable.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing or guest Wi-Fi networks where attackers can achieve radio proximity without physical access controls.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Wireless Eavesdropping and Data Exfiltration\\\",\\n \\\"attacker_goal\\\": \\\"Decrypt sensitive data transmitted over Wi-Fi, such as credentials, emails, or unencrypted application data.\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker positions within radio range of target Wi-Fi network.\\\",\\n \\\"Attacker uses KRACK tool to force PTK/TK reinstallation during client handshake.\\\",\\n \\\"Attacker captures encrypted frames and decrypts using compromised keystream.\\\",\\n \\\"Attacker extracts sensitive information from decrypted traffic.\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Guest Wi-Fi networks, open office spaces, public-facing lobbies, and any wireless networks transmitting unencrypted or weakly encrypted application data.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Session Hijacking and Man-in-the-Middle\\\",\\n \\\"attacker_goal\\\": \\\"Hijack active sessions (e.g., web sessions, VPN connections) by replaying or injecting traffic.\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker forces key reinstallation to enable packet injection.\\\",\\n \\\"Attacker replays session cookies or authentication tokens.\\\",\\n \\\"Attacker injects malicious frames to redirect traffic or escalate privileges.\\\",\\n \\\"Attacker establishes MITM position to manipulate application-layer protocols.\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Employees using Wi-Fi for corporate applications, VPN connections, or cloud services without additional end-to-end encryption.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided patches to all Wi-Fi access points, controllers, and client devices (wpa_supplicant, hostapd, OS drivers).\\\",\\n \\\"Prioritize patching internet-exposed or guest Wi-Fi networks and critical infrastructure segments first.\\\",\\n \\\"Enforce use of HTTPS, VPNs, and application-layer encryption to protect data in transit even if Wi-Fi encryption is compromised.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable Wi-Fi and use wired connections where feasible; implement network segmentation to isolate wireless traffic; use VPNs for all wireless access.\\\",\\n \\\"patching_notes\\\": \\\"Patches must be applied to both APs and clients. Client-side patches (wpa_supplicant) are critical as they prevent key reinstallation. AP-side patches (hostapd) help but may not fully mitigate client-side vulnerabilities.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify patch levels on all Wi-Fi infrastructure (APs, controllers) and client devices using asset inventory and vulnerability scanning.\\\",\\n \\\"Test wireless connectivity post-patch to ensure no service disruption.\\\",\\n \\\"Monitor for anomalous wireless activity or handshake failures that might indicate exploitation attempts.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Patches should not cause service disruption, but if issues arise, rollback may require firmware/driver downgrade. Test in non-production first.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated four-way handshake messages or anomalous EAPOL frame patterns indicative of key reinstallation attempts.\\\",\\n \\\"Alert on wireless clients experiencing multiple disconnections or reconnections in short timeframes, potentially signaling attack activity.\\\",\\n \\\"Use WIDS/WIPS to detect rogue APs or clients attempting to manipulate handshake messages.\\\",\\n \\\"Hunt for decrypted wireless traffic anomalies or unexpected protocol behavior in network logs.\\\",\\n \\\"Correlate physical access logs with wireless security events to identify potential attackers within radio range.\\\",\\n \\\"Monitor for tools like aireplay-ng or scapy being used in proximity to corporate networks.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00789\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High relevance due to widespread use of wpa_supplicant and hostapd in embedded systems, IoT devices, and Linux distributions.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Fixed versions for affected products\\\",\\n \\\"Explicit CISA KEV status\\\",\\n \\\"Public exploit references (URLs)\\\",\\n \\\"Detailed vendor patch notes\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS score discrepancy: cves_euvd reports 0.7700 while cves_epss reports 0.00789. Using cves_epss as authoritative source.\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"Assumed 'Public PoC' exploit status based on widespread KRACK research and tool availability, though input does not explicitly state active in-the-wild exploitation.\\\",\\n \\\"Assumed high business risk due to wireless exposure and data exfiltration potential, even though CVSS score is MEDIUM.\\\"\\n ],\\n \\\"confidence\\\": \\\"High confidence in vulnerability details and affected products; moderate confidence in exploit status (no explicit in-the-wild evidence).\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\\\",\\n \\\"http://www.debian.org/security/2017/dsa-3999\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"49\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-13082\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-13082\\\",\\n \\\"title\\\": \\\"WPA2 Fast BSS Transition (FT) Handshake PTK/TK Reinstallation Vulnerability\\\",\\n \\\"short_description\\\": \\\"Wi-Fi Protected Access (WPA and WPA2) implementations supporting IEEE 802.11r (Fast BSS Transition) allow reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake. An attacker within radio range can exploit this to replay, decrypt, or spoof frames.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability undermines the core confidentiality and integrity guarantees of WPA2 by allowing key reinstallation during roaming handshakes. Attackers within radio range can decrypt traffic, inject malicious frames, and potentially hijack sessions without requiring authentication. The flaw affects a wide range of operating systems and Wi-Fi infrastructure components, making it a systemic risk to enterprise wireless networks.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"8.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-323: Reusing a Nonce, Key Pair in Encryption\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability allows reinstallation of an already-in-use encryption key during the 802.11r FT handshake, breaking the cryptographic guarantee that each session uses a unique key. This enables keystream reuse attacks similar to the KRACK (Key Reinstallation Attack) family.\\\",\\n \\\"attack_surface\\\": \\\"Wireless networks supporting 802.11r Fast BSS Transition; both client devices (wpa_supplicant) and access points (hostapd) are affected. Attack surface requires attacker proximity within radio range.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"Public proof-of-concept tools (e.g., KRACK attack scripts) demonstrate practical exploitation. Attack requires proximity to target wireless network and ability to inject forged handshake messages.\\\",\\n \\\"evidence_signals\\\": [\\\"Multiple vendor advisories acknowledging vulnerability\\\", \\\"Academic research paper and demonstration\\\", \\\"Widespread media coverage of KRACK attacks\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (wireless radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low - standard packet injection tools suffice\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (8.1) with low attack complexity and no authentication required. Public PoC exists and affects core wireless security infrastructure. While exploitation requires radio proximity, enterprise environments with 802.11r-enabled networks face significant risk.\\\",\\n \\\"recommended_sla\\\": \\\"Verify patch status within 72 hours; apply patches within 14 days for internet-exposed or high-risk environments\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality and integrity impact; no availability impact\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can decrypt WPA2-encrypted traffic, inject malicious packets, and potentially hijack TCP connections or manipulate application data. Does not directly compromise the Wi-Fi password or allow network persistence.\\\",\\n \\\"blast_radius\\\": \\\"All devices using WPA2 with 802.11r support on affected OS versions and Wi-Fi stacks. Includes clients (laptops, mobile devices) and infrastructure (access points, controllers).\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High technical severity with practical exploitability. While radio-range requirement limits some exposure, enterprise environments with dense wireless deployments, guest networks, or sensitive data transmission face substantial risk. Compliance implications for data protection regulations.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Ubuntu Linux\\\", \\\"Debian Linux\\\", \\\"FreeBSD\\\", \\\"Red Hat Enterprise Linux\\\", \\\"SUSE Linux Enterprise\\\", \\\"OpenSUSE Leap\\\"],\\n \\\"affected_versions\\\": \\\"Multiple versions of hostapd and wpa_supplicant prior to patches; various OS distributions as listed in CPE data\\\",\\n \\\"fixed_versions\\\": \\\"Check vendor-specific advisories for patched versions (typically hostapd/wpa_supplicant 2.6+ with backports available)\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires 802.11r (Fast BSS Transition) support to be enabled and in use\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Indirect - wireless networks may provide internet access but vulnerability requires radio proximity\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Wireless Traffic Decryption\\\",\\n \\\"attacker_goal\\\": \\\"Decrypt sensitive data transmitted over WPA2 network\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within radio range of target network\\\", \\\"Injects forged FT handshake messages to trigger key reinstallation\\\", \\\"Captures encrypted traffic and decrypts using compromised keystream\\\"],\\n \\\"likely_targets\\\": \\\"Corporate wireless networks, guest Wi-Fi, IoT devices\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Session Hijacking and Data Injection\\\",\\n \\\"attacker_goal\\\": \\\"Manipulate application data or hijack user sessions\\\",\\n \\\"steps_high_level\\\": [\\\"Exploit key reinstallation to decrypt traffic\\\", \\\"Identify active sessions (HTTP, SSH, etc.)\\\", \\\"Inject malicious packets or hijack TCP connections\\\"],\\n \\\"likely_targets\\\": \\\"Users accessing web applications, remote access protocols, unencrypted internal services\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided patches to all affected Wi-Fi clients and access points, prioritizing infrastructure components first.\\\",\\n \\\"Disable 802.11r Fast BSS Transition on wireless controllers and access points if not required for operational needs.\\\",\\n \\\"Enforce WPA3 transition where supported and implement additional layer-7 encryption (HTTPS, VPN) for sensitive applications.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable 802.11r Fast BSS Transition feature; use WPA3-SAE if available; implement network segmentation and monitoring\\\",\\n \\\"patching_notes\\\": \\\"Patches typically involve updating wpa_supplicant (client) and hostapd (AP) to versions that prevent key reinstallation. Some vendors released firmware updates for embedded devices.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all wireless infrastructure and client devices for 802.11r support and patch levels.\\\",\\n \\\"Test patched devices in controlled environment to verify FT handshake behavior.\\\",\\n \\\"Monitor wireless logs for anomalous handshake patterns or injection attempts.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Patching typically non-disruptive; test roaming performance post-patch to ensure no degradation\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated FT handshake messages or abnormal 802.11r frame patterns using wireless intrusion detection systems (WIDS).\\\",\\n \\\"Alert on MAC addresses with excessive authentication attempts or handshake retries within short time windows.\\\",\\n \\\"Deploy endpoint monitoring to detect wpa_supplicant/hostapd versions with known vulnerabilities.\\\",\\n \\\"Use network traffic analysis to identify potential decryption anomalies or unexpected packet injection.\\\",\\n \\\"Hunt for client devices exhibiting unusual roaming behavior or connection instability indicative of attack.\\\",\\n \\\"Correlate wireless events with application-layer anomalies (e.g., unexpected session resets, data manipulation).\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Public PoC available; no confirmed widespread in-the-wild exploitation at scale\\\",\\n \\\"public_exploit_references\\\": \\\"KRACK attack demonstration tools and research papers\\\",\\n \\\"epss\\\": \\\"0.00399 (0.59905 percentile)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - affects multiple OS vendors and Wi-Fi stack implementations\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Specific vendor patch release dates\\\", \\\"Detailed exploit code references\\\", \\\"CISA KEV status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy between sources (0.3900 vs 0.00399) - likely different measurement dates or methodologies\\\"],\\n \\\"assumptions_made\\\": [\\\"802.11r must be enabled for exploitation\\\", \\\"Radio proximity is required\\\", \\\"Public PoC tools are referenced but not explicitly linked\\\"],\\n \\\"confidence\\\": \\\"High - vulnerability well-documented with consistent technical details across sources\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\\\",\\n \\\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"51\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-13086\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-13086\\\",\\n \\\"title\\\": \\\"WPA2 TDLS TPK Reinstallation Vulnerability (KRACK variant)\\\",\\n \\\"short_description\\\": \\\"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers within radio range to compromise confidentiality and integrity of Wi‑Fi traffic between TDLS peers without breaking the AP-to-client encryption. It undermines the cryptographic guarantees of WPA2 for peer-to-peer links and is part of the broader KRACK attack family, which received widespread public attention and vendor coordination.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"6.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-323: Reusing a Nonce, Key Pair in Encryption\\\"],\\n \\\"weakness_summary\\\": \\\"The TDLS handshake implementation permits reinstallation of the TPK, leading to nonce reuse or key material reuse that breaks cryptographic protections for peer-to-peer frames.\\\",\\n \\\"attack_surface\\\": \\\"Wi‑Fi clients and APs with TDLS enabled; requires proximity (adjacent network access) and the ability to manipulate handshake messages.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"Public proof-of-concept tools for KRACK attacks exist and can be adapted to TDLS; exploitation requires being within radio range and manipulating TDLS handshake frames.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"Broad public disclosure and coordinated vendor advisories (Aruba, Debian, others) indicate exploitability.\\\",\\n \\\"Academic and independent researcher demonstrations of KRACK attacks are widely available.\\\",\\n \\\"EPSS score suggests low but non-zero real-world exploitation likelihood.\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Wi‑Fi radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High (requires precise timing and frame manipulation)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 6.8 MEDIUM with High attack complexity; no active in-the-wild exploitation signals found in input. TDLS is not universally enabled, reducing exposure. Prioritize patching within standard maintenance windows unless TDLS is heavily used or devices are internet-exposed.\\\",\\n \\\"recommended_sla\\\": \\\"Apply patches within 90 days; verify TDLS usage and exposure first.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality and Integrity compromise of peer-to-peer Wi‑Fi traffic; Availability not directly affected.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can replay, decrypt, or spoof frames between TDLS peers. Session keys may be weakened or reset to known values, enabling traffic decryption and injection.\\\",\\n \\\"blast_radius\\\": \\\"Limited to TDLS-enabled clients within radio range; does not break AP-to-client encryption directly. Impact scales with number of TDLS-capable devices and usage of TDLS in the environment.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate risk: requires physical proximity and TDLS usage, but successful attacks can expose sensitive peer-to-peer communications. Risk is higher in dense Wi‑Fi environments (offices, campuses) and for organizations with regulatory data-protection requirements.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\n \\\"w1.fi hostapd (multiple versions through 2.6)\\\",\\n \\\"w1.fi wpa_supplicant (multiple versions through 2.6)\\\",\\n \\\"Canonical Ubuntu Linux (14.04 LTS, 16.04 LTS, 17.04)\\\",\\n \\\"Debian Linux (8.0, 9.0)\\\",\\n \\\"FreeBSD (multiple versions including 10.x, 11.x)\\\",\\n \\\"Red Hat Enterprise Linux Desktop/Server 7\\\",\\n \\\"SUSE Linux Enterprise (Desktop 12 SP2/SP3, Server 11/12, OpenStack Cloud 6)\\\",\\n \\\"openSUSE Leap (42.2, 42.3)\\\"\\n ],\\n \\\"affected_versions\\\": \\\"Multiple versions of hostapd, wpa_supplicant, and OS distributions as listed; broadly affects implementations supporting TDLS prior to patches.\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"TDLS must be enabled and used between peers; many clients enable TDLS by default for performance optimization.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low for internet-facing systems (requires radio proximity), but significant for guest Wi‑Fi or publicly accessible hotspots where attackers can achieve adjacent access.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"TDLS Peer Traffic Decryption\\\",\\n \\\"attacker_goal\\\": \\\"Eavesdrop on and decrypt sensitive peer-to-peer Wi‑Fi traffic between two enterprise clients.\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker positions within radio range of two TDLS-enabled clients and captures TDLS handshake frames.\\\",\\n \\\"Attacker replays or manipulates TDLS handshake messages to force TPK reinstallation, inducing nonce reuse.\\\",\\n \\\"Attacker uses known cryptographic weaknesses from nonce reuse to decrypt or inject frames between peers.\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Enterprise laptops, mobile devices, or IoT endpoints using TDLS for direct communication.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Frame Injection and Spoofing\\\",\\n \\\"attacker_goal\\\": \\\"Inject malicious payloads or spoof peer identities to escalate privileges or pivot within the network.\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker forces TPK reinstallation to weaken or reset session keys.\\\",\\n \\\"Attacker crafts and injects malicious frames that appear to originate from a legitimate peer.\\\",\\n \\\"Attacker leverages injected frames to deliver exploits, exfiltrate data, or manipulate peer behavior.\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Devices in dense Wi‑Fi environments (conference rooms, open offices) where TDLS is active.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided patches for hostapd, wpa_supplicant, and operating systems to prevent TPK reinstallation.\\\",\\n \\\"Disable TDLS on clients and APs if peer-to-peer Wi‑Fi optimization is not required, reducing the attack surface.\\\",\\n \\\"Deploy network segmentation and monitoring to detect anomalous TDLS handshake patterns or frame manipulation attempts.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disabling TDLS is a viable workaround if peer-to-peer Wi‑Fi is not needed; use wired or AP-routed communication instead.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with change control; test on non-production systems first. Prioritize devices in high-density or public Wi‑Fi areas.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify installed versions of hostapd and wpa_supplicant against patched releases from vendor advisories.\\\",\\n \\\"Confirm TDLS status on clients and APs using configuration checks or network scans.\\\",\\n \\\"Review Wi‑Fi monitoring logs for unusual TDLS handshake retries or key reinstallation events.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Patching Wi‑Fi drivers or supplicants may cause connectivity issues; maintain pre-patch images and test rollback procedures.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated TDLS handshake attempts or TPK reinstallation events in Wi‑Fi driver or supplicant logs.\\\",\\n \\\"Use wireless intrusion detection systems (WIDS) to flag anomalous TDLS frame patterns or replay attempts.\\\",\\n \\\"Correlate EDR/NDR alerts for unexpected peer-to-peer traffic decryption or injection on Wi‑Fi clients.\\\",\\n \\\"Hunt for clients establishing TDLS links in unexpected network segments or with unauthorized peers.\\\",\\n \\\"Analyze packet captures for nonce reuse indicators in TDLS-encrypted frames (requires cryptographic analysis).\\\",\\n \\\"Deploy KRACK-specific detection scripts that look for key reinstallation anomalies in WPA2 handshakes.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00301 (score); 0.52956 (percentile); 0.2900 (alternative source)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects common Wi‑Fi implementations (hostapd, wpa_supplicant) used across many OS distributions and embedded devices.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Fixed versions or patch links from vendors\\\",\\n \\\"Explicit evidence of in-the-wild exploitation\\\",\\n \\\"CISA KEV status\\\",\\n \\\"Public exploit references (PoC links)\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS scores differ between sources (0.00301 vs 0.2900); using EPSS source value per instructions.\\\",\\n \\\"Severity label MEDIUM conflicts with CVSS base score 6.8 (HIGH threshold typically 7.0–8.9); following NVD label.\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"TDLS may be enabled by default on many clients; actual exposure depends on usage.\\\",\\n \\\"Patching requires vendor-specific updates; no universal patch version is provided in input.\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability details are clear, but missing fixed versions and exploitation signals limit precision.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\\\",\\n \\\"http://www.debian.org/security/2017/dsa-3999\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"53\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-13088\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-13088\\\",\\n \\\"title\\\": \\\"WPA/WPA2 802.11v IGTK Reinstallation Vulnerability\\\",\\n \\\"short_description\\\": \\\"Wi-Fi Protected Access (WPA and WPA2) implementations supporting 802.11v allow reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, enabling an attacker within radio range to replay frames from access points to clients.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers within radio range to replay group-addressed frames from access points to clients, potentially leading to packet injection, disruption of multicast/broadcast traffic, and degradation of Wi‑Fi integrity protections. While it does not directly expose data confidentiality, it undermines the cryptographic integrity guarantees expected from WPA/WPA2 and can facilitate network manipulation attacks.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Key reinstallation vulnerability in 802.11v WNM Sleep Mode Response handling, allowing IGTK reuse and frame replay.\\\",\\n \\\"attack_surface\\\": \\\"Wi‑Fi networks using WPA/WPA2 with 802.11v support; requires attacker within radio range.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires proximity (adjacent network access), high attack complexity, and successful manipulation of WNM Sleep Mode Response frames to trigger IGTK reinstallation.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of in-the-wild exploitation or public PoC in input data\\\", \\\"EPSS score indicates low exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (wireless radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium CVSS score with high attack complexity and no evidence of active exploitation; patching should be scheduled within standard maintenance windows for affected Wi‑Fi infrastructure and clients.\\\",\\n \\\"recommended_sla\\\": \\\"90 days\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity impact (High), no confidentiality or availability impact per CVSS.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can replay group-addressed frames, potentially injecting packets or disrupting multicast/broadcast traffic; does not directly compromise data confidentiality.\\\",\\n \\\"blast_radius\\\": \\\"Limited to clients and access points within radio range; impact scales with deployment density and 802.11v usage.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Low likelihood of exploitation due to high complexity and proximity requirement; moderate impact limited to integrity of multicast/broadcast traffic. Risk is elevated only in environments with dense Wi‑Fi deployments or critical reliance on multicast applications.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Ubuntu Linux\\\", \\\"Debian Linux\\\", \\\"FreeBSD\\\", \\\"openSUSE Leap\\\", \\\"Red Hat Enterprise Linux\\\", \\\"SUSE Linux Enterprise\\\"],\\n \\\"affected_versions\\\": \\\"Multiple versions of hostapd and wpa_supplicant up to and including 2.6; various OS distributions (Ubuntu 14.04/16.04/17.04, Debian 8.0/9.0, FreeBSD 10/11, RHEL 7, etc.).\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires WPA/WPA2 with 802.11v support enabled.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Limited to local wireless networks; no direct internet exposure unless Wi‑Fi is bridged to internet-facing infrastructure.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Multicast Frame Replay Attack\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt multicast/broadcast traffic or inject malicious packets.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker within radio range captures WNM Sleep Mode Response frames\\\", \\\"Attacker manipulates frames to trigger IGTK reinstallation\\\", \\\"Attacker replays group-addressed frames to clients\\\"],\\n \\\"likely_targets\\\": \\\"Wi‑Fi clients and access points in dense environments (offices, public spaces).\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Network Manipulation via Packet Injection\\\",\\n \\\"attacker_goal\\\": \\\"Degrade network integrity or facilitate secondary attacks.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker exploits IGTK reinstallation to inject forged group frames\\\", \\\"Injected frames disrupt network services or client behavior\\\", \\\"Secondary attacks (e.g., DoS) may follow\\\"],\\n \\\"likely_targets\\\": \\\"Organizations relying on multicast applications (video streaming, IoT devices).\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch management and configuration hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor patches for affected hostapd, wpa_supplicant, and operating system distributions to prevent IGTK reinstallation.\\\",\\n \\\"Disable 802.11v WNM Sleep Mode on access points and clients if not required, reducing attack surface.\\\",\\n \\\"Segment Wi‑Fi networks and enforce strict access controls to limit exposure to adjacent-network attackers.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disabling 802.11v WNM Sleep Mode may mitigate the vulnerability if patching is not immediately feasible.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with maintenance windows; prioritize internet-facing or high-density Wi‑Fi deployments.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify patch installation on access points and clients using version checks for hostapd/wpa_supplicant.\\\",\\n \\\"Test Wi‑Fi connectivity and multicast functionality post-patch to ensure no operational impact.\\\",\\n \\\"Monitor for anomalous group frame activity or replay attempts using wireless intrusion detection systems.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Rollback may require reverting to pre-patch firmware/software versions; ensure backups and tested rollback procedures are available.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated or anomalous WNM Sleep Mode Response frames in wireless packet captures.\\\",\\n \\\"Alert on unexpected IGTK rekeying events or group frame replay patterns using WIDS/WIPS.\\\",\\n \\\"Hunt for packet injection attempts targeting multicast/broadcast traffic in affected Wi‑Fi segments.\\\",\\n \\\"Correlate client disconnections or multicast disruptions with potential exploitation activity.\\\",\\n \\\"Review logs from access points and clients for 802.11v-related errors or unusual behavior.\\\",\\n \\\"Deploy endpoint detection rules to flag suspicious Wi‑Fi frame processing on patched vs. unpatched systems.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00191 (EPSS source), 0.1900 (EUVS source); low exploitation likelihood\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects widely used Wi‑Fi implementations (hostapd, wpa_supplicant) across multiple OS distributions; supply chain impact is moderate.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE IDs\\\", \\\"Fixed versions\\\", \\\"Vendor advisories with patch links\\\", \\\"Explicit evidence of exploitation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"Conflicting EPSS scores between sources (0.00191 vs. 0.1900); using lower value as conservative estimate\\\"],\\n \\\"assumptions_made\\\": [\\\"High attack complexity inferred from CVSS AC:H metric\\\", \\\"No in-the-wild exploitation assumed due to lack of explicit evidence\\\"],\\n \\\"confidence\\\": \\\"Medium – Core vulnerability details are clear, but missing patch information and conflicting EPSS scores reduce confidence in prioritization.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\\\",\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"55\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-11555\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-11555\\\",\\n \\\"title\\\": \\\"EAP-pwd NULL Pointer Dereference DoS in hostapd and wpa_supplicant\\\",\\n \\\"short_description\\\": \\\"The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly when an unexpected fragment is received, leading to a NULL pointer dereference and denial of service.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an unauthenticated network attacker to crash critical authentication infrastructure (hostapd EAP server or wpa_supplicant EAP peer) by sending a malformed EAP-pwd fragment, disrupting wireless authentication services and potentially causing extended outages until manual restart.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"NULL Pointer Dereference in EAP-pwd fragmentation reassembly logic\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible EAP-pwd authentication endpoints (hostapd EAP server, wpa_supplicant EAP peer)\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of in-the-wild exploitation or public PoC; however, the vulnerability requires only network access and a crafted EAP-pwd fragment, with moderate complexity due to timing requirements for fragment injection.\\\",\\n \\\"evidence_signals\\\": [\\\"No CISA KEV listing\\\", \\\"No vendor reports of active exploitation\\\", \\\"EPSS score 0.09076 (9.08%) indicates low current exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - attacker must be able to send packets to the EAP-pwd service\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High - requires precise timing to inject unexpected fragment during reassembly\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS with no evidence of active exploitation; affects authentication infrastructure but requires high attack complexity and has been publicly known since 2019. Prioritize patching during next maintenance window for affected systems.\\\",\\n \\\"recommended_sla\\\": \\\"90 days from identification\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact (High) - complete service termination of affected authentication daemon\\\",\\n \\\"technical_impact_details\\\": \\\"NULL pointer dereference causes immediate process termination of hostapd or wpa_supplicant, disrupting all associated wireless authentication services until manual restart. No confidentiality or integrity impact.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems running EAP-pwd authentication; affects both enterprise AP infrastructure (hostapd) and client devices (wpa_supplicant) using EAP-pwd method\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"DoS vulnerability in critical authentication infrastructure with potential for service disruption, but limited to EAP-pwd deployments (less common than EAP-PEAP/EAP-TLS) and requires specific network conditions to exploit\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"hostapd\\\", \\\"wpa_supplicant\\\"],\\n \\\"affected_versions\\\": \\\"hostapd before 2.8, wpa_supplicant before 2.8\\\",\\n \\\"fixed_versions\\\": \\\"hostapd 2.8 and later, wpa_supplicant 2.8 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires EAP-pwd authentication method to be enabled and configured\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Medium - EAP-pwd services typically on internal networks but may be exposed via VPN or guest wireless; external exploitation unlikely due to authentication requirements\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Targeted DoS Against Enterprise Wireless Infrastructure\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt wireless authentication services to cause operational impact\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains network access to EAP-pwd enabled AP\\\", \\\"Craft malformed EAP-pwd fragment with unexpected sequence\\\", \\\"Send fragment during active authentication session\\\", \\\"Trigger NULL pointer dereference and crash hostapd process\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise wireless access points and authentication servers using EAP-pwd\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Client-Side DoS via Rogue AP\\\",\\n \\\"attacker_goal\\\": \\\"Crash client wpa_supplicant to disrupt device connectivity\\\",\\n \\\"steps_high_level\\\": [\\\"Set up rogue AP advertising EAP-pwd support\\\", \\\"Wait for client to initiate EAP-pwd authentication\\\", \\\"Inject unexpected fragment during reassembly\\\", \\\"Trigger NULL dereference in client wpa_supplicant\\\"],\\n \\\"likely_targets\\\": \\\"Client devices (laptops, mobile devices) configured for EAP-pwd authentication\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade hostapd to version 2.8 or later and wpa_supplicant to version 2.8 or later on all affected systems.\\\",\\n \\\"Disable EAP-pwd authentication method if not required for operational needs to eliminate attack surface.\\\",\\n \\\"Implement network segmentation to restrict access to EAP authentication services only to authorized clients and authentication servers.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Restart affected services automatically via monitoring/process supervision (systemd, supervisor) to reduce DoS impact duration\\\",\\n \\\"patching_notes\\\": \\\"Verify EAP-pwd functionality post-upgrade; check for any custom configurations that may need adjustment\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm current versions of hostapd and wpa_supplicant using 'hostapd -v' and 'wpa_supplicant -v' commands.\\\",\\n \\\"Review wireless authentication logs for EAP-pwd usage and any crash events related to NULL pointer dereferences.\\\",\\n \\\"Test EAP-pwd authentication functionality after patching to ensure service availability and correct behavior.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous versions and configurations; test rollback procedures in non-production environment\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor hostapd and wpa_supplicant process crashes using system logs (journalctl, syslog) and process monitoring tools.\\\",\\n \\\"Alert on repeated authentication failures or service restarts within short time windows that may indicate exploitation attempts.\\\",\\n \\\"Search network traffic logs for malformed EAP-pwd packets or unusual fragmentation patterns directed at authentication infrastructure.\\\",\\n \\\"Correlate wireless authentication service outages with network scanning activity or suspicious source IPs.\\\",\\n \\\"Implement EDR/SIEM rules to detect NULL pointer dereference exceptions in hostapd/wpa_supplicant processes.\\\",\\n \\\"Monitor for unexpected EAP-pwd authentication attempts from unauthorized network segments or external sources.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.09076 (9.08%)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects widely used open-source wireless authentication components; potential impact on embedded systems and IoT devices using older versions\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor patch release dates\\\", \\\"Specific exploit code availability\\\", \\\"CISA KEV status confirmation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd shows 9.0800 while cves_epss shows 0.09076 - using cves_epss value as more recent (2025-11-23)\\\"],\\n \\\"assumptions_made\\\": [\\\"EAP-pwd deployment scope assumed limited based on typical enterprise wireless configurations\\\", \\\"Attack complexity rated as High based on CVSS:3.0 AC:H metric\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details well-documented, but limited current threat intelligence and exploitation data available\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.openwall.com/lists/oss-security/2019/04/26/1\\\",\\n \\\"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"57\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-9495\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"LOW\",\n            \"cvss_score\": 3.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-9495\\\",\\n \\\"title\\\": \\\"Side-channel attack in EAP-PWD implementations (hostapd and wpa_supplicant)\\\",\\n \\\"short_description\\\": \\\"The EAP-PWD implementations in hostapd and wpa_supplicant are vulnerable to side-channel attacks via cache access pattern observation, potentially allowing weak passwords to be cracked.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers to recover weak EAP-PWD passwords through side-channel analysis of cache access patterns. While it requires local code execution and shared cache access, it directly undermines authentication security in WPA2-Enterprise and other EAP-PWD deployments. The attack targets the cryptographic protocol implementation rather than the network protocol itself, making traditional network-based defenses insufficient.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"3.7\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"LOW\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Side-channel information leakage through cache access patterns during EAP-PWD password authentication\\\",\\n \\\"attack_surface\\\": \\\"Local system with shared cache and ability to execute attacker-controlled code\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Low\\\",\\n \\\"exploit_summary\\\": \\\"Requires local code execution and shared cache access to observe memory access patterns during EAP-PWD authentication\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation\\\", \\\"EPSS score 0.06034 (90th percentile but low absolute risk)\\\", \\\"No public PoC references in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No (local access required)\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None (but requires ability to execute code)\\\",\\n \\\"attack_complexity\\\": \\\"High (requires sophisticated side-channel analysis)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Low - Monitor\\\",\\n \\\"triage_team\\\": \\\"Monitoring\\\",\\n \\\"triage_rationale\\\": \\\"Low CVSS score (3.7), high attack complexity, requires local code execution and shared cache access. No evidence of active exploitation. Impact limited to weak password recovery. Priority should focus on monitoring for any exploit development while maintaining standard patch cycles.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for standard patch deployment\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality impact only (password disclosure for weak credentials)\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers with local code execution can observe cache access patterns during EAP-PWD authentication and potentially recover weak passwords. No integrity or availability impact.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems running vulnerable hostapd/wpa_supplicant versions with EAP-PWD enabled and weak passwords. Requires attacker to already have code execution on shared hardware.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Limited impact due to high prerequisites (local code execution, shared cache). Only affects weak passwords. However, EAP-PWD deployments in enterprise WPA2-Enterprise environments could be compromised if weak passwords are used. Risk increases if infrastructure allows untrusted code execution.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Fedora 28\\\", \\\"Fedora 29\\\", \\\"Fedora 30\\\", \\\"openSUSE Backports SLE 15.0\\\", \\\"openSUSE Leap 15.1\\\", \\\"Synology RADIUS Server 3.0\\\", \\\"Synology Router Manager\\\", \\\"Debian Linux 8.0\\\", \\\"FreeBSD 11.2\\\", \\\"FreeBSD 12.0\\\"],\\n \\\"affected_versions\\\": \\\"All versions of hostapd and wpa_supplicant with EAP-PWD support prior to 2.7\\\",\\n \\\"fixed_versions\\\": \\\"hostapd/wpa_supplicant 2.7 and newer (for timing attack component)\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires EAP-PWD authentication method to be enabled and configured\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low - requires local system access rather than network exposure\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Shared Cloud Infrastructure Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Recover EAP-PWD passwords from co-located virtual machines\\\",\\n \\\"steps_high_level\\\": [\\\"Gain initial access to cloud VM sharing hardware with target\\\", \\\"Deploy cache side-channel monitoring code\\\", \\\"Observe cache access patterns during EAP-PWD authentication\\\", \\\"Recover weak passwords through pattern analysis\\\"],\\n \\\"likely_targets\\\": \\\"Cloud-deployed RADIUS servers or authentication endpoints using EAP-PWD with weak passwords\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Insider Threat - Shared Workstation\\\",\\n \\\"attacker_goal\\\": \\\"Extract wireless authentication credentials from shared development systems\\\",\\n \\\"steps_high_level\\\": [\\\"Execute malicious code on shared development workstation\\\", \\\"Monitor cache activity during legitimate user EAP-PWD authentication\\\", \\\"Analyze memory access patterns to derive password information\\\", \\\"Use recovered credentials for lateral movement\\\"],\\n \\\"likely_targets\\\": \\\"Corporate workstations with shared access running vulnerable wpa_supplicant versions\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade hostapd and wpa_supplicant to version 2.7 or newer to address timing attack vectors.\\\",\\n \\\"Enforce strong password policies for EAP-PWD authentication (minimum 12 characters, complexity requirements).\\\",\\n \\\"Implement strict access controls to prevent unauthorized code execution on systems running EAP-PWD services.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable EAP-PWD authentication method if not required; use alternative EAP methods such as EAP-TLS with certificate-based authentication\\\",\\n \\\"patching_notes\\\": \\\"Versions 2.7+ address timing attack component but may still be vulnerable to other side-channel variations. Consider defense-in-depth approach with strong passwords as primary protection.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify current hostapd/wpa_supplicant versions using 'wpa_supplicant -v' or package manager queries.\\\",\\n \\\"Review EAP-PWD configuration files to confirm authentication method usage.\\\",\\n \\\"Audit password policies for EAP-PWD credentials to ensure complexity requirements.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Standard package management rollback procedures apply; verify EAP authentication functionality after updates\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual cache access pattern monitoring tools or processes on systems running EAP-PWD services\\\",\\n \\\"Alert on unauthorized code execution attempts on authentication infrastructure systems\\\",\\n \\\"Hunt for password cracking tools or rainbow table generation on shared infrastructure\\\",\\n \\\"Monitor EAP authentication logs for repeated failed authentication attempts followed by success\\\",\\n \\\"Implement file integrity monitoring on wpa_supplicant and hostapd configuration files\\\",\\n \\\"Review system logs for signs of side-channel attack tools (cache monitoring, timing analysis utilities)\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of in-the-wild exploitation\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.06034\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects widely deployed authentication components in enterprise wireless infrastructure\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor-specific patch availability details\\\", \\\"Detailed technical analysis of cache attack methodology\\\", \\\"Specific vulnerable version ranges for each affected product\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy: 3.2500 vs 0.06034 (likely different scoring methodologies)\\\", \\\"Description mentions 'all versions with EAP-PWD support' but fix version 2.7+ suggests specific version boundary\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'ability to install and execute applications' means local code execution privilege\\\", \\\"Interpreted 'shared cache' as requirement for co-located execution on same hardware\\\", \\\"Assumed weak passwords are those vulnerable to practical brute-force within attack window\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear but specific exploitation techniques and current threat landscape details are limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\\\",\\n \\\"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"59\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-9497\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-9497\\\",\\n \\\"title\\\": \\\"EAP-PWD Authentication Bypass in hostapd and wpa_supplicant\\\",\\n \\\"short_description\\\": \\\"The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows authentication bypass in the EAP-PWD protocol used in WPA2-Enterprise and WPA3-Enterprise wireless networks. An attacker can potentially gain network access without valid credentials, leading to unauthorized network infiltration and lateral movement opportunities. The impact is particularly significant in enterprise environments where EAP-PWD is deployed for secure wireless authentication.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"8.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-287\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Authentication - The implementation fails to validate cryptographic parameters during EAP-PWD authentication, allowing bypass of authentication mechanisms.\\\",\\n \\\"attack_surface\\\": \\\"Wireless authentication protocols, specifically EAP-PWD implementations in hostapd and wpa_supplicant components.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"The vulnerability requires network access and high attack complexity. While authentication bypass is possible, full key exchange completion depends on crypto library implementation details.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS Attack Complexity: High\\\", \\\"Network-based attack vector\\\", \\\"No authentication required for exploitation attempt\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - Adjacent network access required\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (8.1) with potential authentication bypass in critical wireless infrastructure components. Requires immediate assessment of EAP-PWD deployment scope and crypto library dependencies.\\\",\\n \\\"recommended_sla\\\": \\\"7 days for assessment and patch planning\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High impact on confidentiality, integrity, and availability. Authentication bypass can lead to unauthorized network access and potential lateral movement.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows attackers to authenticate without credentials, though session key derivation may fail depending on crypto library EC point validation.\\\",\\n \\\"blast_radius\\\": \\\"All systems using vulnerable hostapd or wpa_supplicant with EAP-PWD authentication enabled. Particularly impacts enterprise wireless networks and authentication servers.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"Authentication bypass in enterprise wireless infrastructure poses significant security risk. While attack complexity is high, successful exploitation could compromise network segmentation and access controls.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"hostapd\\\", \\\"wpa_supplicant\\\", \\\"Fedora 28\\\", \\\"Fedora 29\\\", \\\"Fedora 30\\\"],\\n \\\"affected_versions\\\": \\\"All versions prior to patches (specific version numbers not provided in input data)\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires EAP-PWD authentication to be enabled and configured\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - Wireless networks are typically perimeter-facing and accessible from adjacent networks\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Enterprise Wireless Network Infiltration\\\",\\n \\\"attacker_goal\\\": \\\"Gain unauthorized access to enterprise wireless network\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within wireless range of target network\\\", \\\"Crafts malicious EAP-PWD Commit message with invalid scalar/element values\\\", \\\"Exploits validation flaw to complete authentication without valid credentials\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise WPA2/WPA3-Enterprise wireless networks using EAP-PWD authentication\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Lateral Movement Gateway\\\",\\n \\\"attacker_goal\\\": \\\"Use compromised wireless access as pivot point for internal network attacks\\\",\\n \\\"steps_high_level\\\": [\\\"Successfully authenticate to wireless network via EAP-PWD bypass\\\", \\\"Establish network presence on internal segment\\\", \\\"Conduct reconnaissance and lateral movement activities\\\"],\\n \\\"likely_targets\\\": \\\"Organizations with flat network architectures or insufficient network segmentation\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\\"Apply vendor-provided patches to hostapd and wpa_supplicant implementations immediately.\\\", \\\"Disable EAP-PWD authentication method if not actively required for network operations.\\\", \\\"Implement network access control (NAC) and monitoring to detect unauthorized authentication attempts.\\\"],\\n \\\"workarounds\\\": \\\"Disable EAP-PWD authentication method and migrate to alternative EAP methods (EAP-TLS, PEAP, etc.) if feasible.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with wireless infrastructure maintenance windows. Test patches in non-production environment first.\\\",\\n \\\"verification_steps\\\": [\\\"Verify patch installation on all affected hostapd and wpa_supplicant instances.\\\", \\\"Test EAP-PWD authentication functionality post-patch to ensure service availability.\\\", \\\"Monitor authentication logs for suspicious EAP-PWD activity patterns.\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup configurations and prepare rollback procedures in case of patch-related service disruption.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor wireless authentication logs for EAP-PWD authentication failures followed by unexpected successful authentications\\\",\\n \\\"Alert on EAP-PWD authentication attempts from unknown or suspicious MAC addresses\\\",\\n \\\"Implement network monitoring for unusual authentication timing patterns in EAP-PWD exchanges\\\",\\n \\\"Correlate wireless authentication events with network access patterns to identify bypass attempts\\\",\\n \\\"Monitor for authentication attempts using modified EAP-PWD Commit messages\\\",\\n \\\"Track and alert on successful EAP-PWD authentications that bypass normal credential validation\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.08116\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Affects widely deployed open-source wireless authentication components\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Specific affected version ranges\\\", \\\"Fixed version information\\\", \\\"Vendor patch availability details\\\", \\\"CISA KEV status\\\", \\\"Public exploit availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: 8.1200 vs 0.08116 - using 0.08116 as it matches EPSS source format\\\"],\\n \\\"assumptions_made\\\": [\\\"High attack complexity limits immediate exploitation risk\\\", \\\"Crypto library EC point validation may prevent full key exchange exploitation\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but specific exploitation details and current threat landscape information are limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\\\",\\n \\\"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"60\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-9498\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-9498\\\",\\n \\\"title\\\": \\\"EAP-PWD Authentication Bypass in hostapd and wpa_supplicant\\\",\\n \\\"short_description\\\": \\\"The EAP-PWD implementations in hostapd EAP Server and wpa_supplicant, when built against a crypto library lacking explicit validation on imported elements, fail to validate scalar and element values in EAP-pwd-Commit. An attacker can use invalid scalar/element values to complete authentication without knowing the password, obtaining the session key and network access.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an attacker to bypass password-based authentication in WPA2-Enterprise and similar deployments using EAP-PWD, leading to unauthorized network access and potential lateral movement. The flaw resides in a widely deployed Wi-Fi authentication component and affects both client (wpa_supplicant) and server (hostapd) implementations, creating a broad attack surface across enterprise and embedded systems.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"8.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-287\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Authentication - The implementation does not properly validate cryptographic parameters during EAP-PWD authentication, allowing authentication bypass when specific library conditions are met.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible EAP-PWD authentication endpoints in wireless infrastructure (access points, RADIUS servers) and client devices using affected wpa_supplicant versions.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires network access to EAP-PWD endpoints and depends on the target being built against crypto libraries lacking explicit validation. Attack complexity is high due to cryptographic manipulation requirements.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score indicates low exploitation prevalence\\\", \\\"Vulnerability requires specific library build configuration\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - Adjacent network access to EAP-PWD authentication endpoint\\\",\\n \\\"authentication_required\\\": \\\"No - This is an authentication bypass vulnerability\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High - Requires cryptographic manipulation and specific library configuration\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"While exploit complexity is high, successful exploitation grants full network access equivalent to legitimate authentication. Requires immediate verification of deployment scope, library dependencies, and compensating controls before determining patch urgency.\\\",\\n \\\"recommended_sla\\\": \\\"Initial assessment within 24 hours; remediation within 30 days based on exposure assessment\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High impact on confidentiality, integrity, and availability - Authentication bypass leads to unauthorized network access, potential data exposure, and lateral movement opportunities.\\\",\\n \\\"technical_impact_details\\\": \\\"Complete authentication bypass in EAP-PWD implementations allows attackers to derive session keys without password knowledge, enabling man-in-the-middle attacks, network infiltration, and credential harvesting.\\\",\\n \\\"blast_radius\\\": \\\"Wide - Affects both client (wpa_supplicant) and server (hostapd) components across multiple operating systems and embedded devices. Impact limited to deployments using EAP-PWD authentication method.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High business risk due to authentication bypass nature and broad deployment scope, though mitigated by high attack complexity and dependency on specific library configurations. Organizations using EAP-PWD for wireless authentication face significant security exposure.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Fedora 28/29/30\\\", \\\"OpenSUSE Backports SLE 15.0/15.0 SP1\\\", \\\"OpenSUSE Leap 15.1\\\", \\\"Debian Linux 8.0\\\", \\\"Synology RADIUS Server 3.0\\\", \\\"Synology Router Manager 1.2\\\", \\\"FreeBSD 11.2/12.0 (multiple patch levels)\\\"],\\n \\\"affected_versions\\\": \\\"hostapd and wpa_supplicant versions 2.4 and earlier; various OS distributions with unpatched packages\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires EAP-PWD authentication method in use; vulnerability manifests when built against crypto libraries lacking explicit validation on imported elements\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - Wireless authentication endpoints may be accessible from network-adjacent positions; internet-facing RADIUS servers using EAP-PWD are particularly exposed\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Enterprise Wireless Network Infiltration\\\",\\n \\\"attacker_goal\\\": \\\"Gain unauthorized access to corporate wireless network using EAP-PWD authentication\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target network using EAP-PWD authentication\\\", \\\"Crafts malicious EAP-pwd-Commit messages with invalid scalar/element values\\\", \\\"Completes authentication without valid credentials and obtains session key\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise wireless networks, educational institutions, government facilities using WPA2-Enterprise with EAP-PWD\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"RADIUS Server Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Bypass authentication on RADIUS servers supporting EAP-PWD for network access\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains network adjacency to RADIUS server\\\", \\\"Exploits validation flaw in EAP-PWD implementation\\\", \\\"Obtains unauthorized network access credentials and potential administrative access\\\"],\\n \\\"likely_targets\\\": \\\"RADIUS authentication servers, network access control systems, ISP authentication infrastructure\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade hostapd and wpa_supplicant to versions that include proper scalar/element validation in EAP-pwd-Commit messages.\\\", \\\"Audit and rebuild affected systems against crypto libraries that provide explicit validation on imported elements.\\\", \\\"Disable EAP-PWD authentication method if not required, replacing with more secure EAP methods such as EAP-TLS.\\\"],\\n \\\"workarounds\\\": \\\"Implement network segmentation to limit exposure of EAP-PWD endpoints; deploy intrusion detection systems to monitor for authentication anomalies; use certificate-based EAP methods instead of password-based authentication\\\",\\n \\\"patching_notes\\\": \\\"Verify that patches include proper validation of cryptographic parameters in EAP-pwd-Commit; test authentication functionality post-patch; coordinate with wireless infrastructure vendors for embedded device updates\\\",\\n \\\"verification_steps\\\": [\\\"Inventory all systems using hostapd or wpa_supplicant with EAP-PWD enabled\\\", \\\"Verify crypto library versions and validation capabilities on affected systems\\\", \\\"Test authentication functionality after patch deployment\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup configurations and authentication logs; ensure alternative authentication methods remain available during patch deployment\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor RADIUS authentication logs for EAP-PWD authentication failures followed by successful authentication from same source\\\",\\n \\\"Deploy network monitoring to detect anomalous EAP-PWD message patterns or invalid cryptographic parameters\\\",\\n \\\"Implement wireless intrusion detection systems to identify authentication bypass attempts\\\",\\n \\\"Correlate authentication events with device profiling to identify unauthorized devices gaining network access\\\",\\n \\\"Monitor for unusual network traffic patterns from newly authenticated devices\\\",\\n \\\"Hunt for authentication events where EAP-PWD Commit messages contain malformed or invalid parameters\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01063\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Affects widely used open-source wireless authentication components embedded in multiple vendor products and distributions\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions not specified\\\", \\\"Vendor patch availability unclear\\\", \\\"Specific crypto library requirements not detailed\\\", \\\"Exploitation evidence limited\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (1.0600 vs 0.01063)\\\", \\\"Description truncation in some data sources\\\", \\\"Affected version ranges incompletely specified\\\"],\\n \\\"assumptions_made\\\": [\\\"High attack complexity inferred from CVSS metrics and description\\\", \\\"Limited exploitation assumed based on absence of in-the-wild evidence\\\", \\\"EAP-PWD deployment scope estimated based on typical enterprise wireless deployments\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but specific exploitation details and patch availability require additional vendor consultation\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\\\",\\n \\\"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"61\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-9499\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-9499\\\",\\n \\\"title\\\": \\\"EAP-PWD Authentication Bypass in wpa_supplicant and hostapd\\\",\\n \\\"short_description\\\": \\\"The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows authentication bypass in enterprise wireless networks using EAP-PWD, potentially granting unauthorized network access and session key compromise. The flaw affects core Wi-Fi security infrastructure components (wpa_supplicant and hostapd) widely deployed across enterprise environments, embedded systems, and network appliances. Successful exploitation enables attackers to establish unauthorized network connections, intercept traffic, and potentially pivot to internal network resources.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"8.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-287\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Authentication - The EAP-PWD implementation fails to validate cryptographic parameters (scalar and element values) during the EAP-pwd-Commit exchange when built against crypto libraries lacking explicit validation.\\\",\\n \\\"attack_surface\\\": \\\"Wireless authentication protocols (EAP-PWD), specifically the EAP-pwd-Commit message exchange during 802.1X authentication.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires network access to EAP-PWD authentication endpoints and depends on the target being built against specific crypto library configurations. Attack complexity is high due to cryptographic protocol manipulation requirements.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of in-the-wild exploitation found in input data\\\", \\\"EPSS score indicates low exploitation prevalence (1.06%)\\\", \\\"Vulnerability affects authentication bypass class which historically sees targeted exploitation\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network-adjacent access to wireless authentication infrastructure\\\",\\n \\\"authentication_required\\\": \\\"No authentication required to initiate attack\\\",\\n \\\"user_interaction_required\\\": \\\"No user interaction required\\\",\\n \\\"privileges_required\\\": \\\"No privileges required\\\",\\n \\\"attack_complexity\\\": \\\"High - requires manipulation of cryptographic protocol parameters and specific library configuration conditions\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (8.1) with authentication bypass impact warrants urgent verification of affected systems and crypto library configurations. While exploit complexity is high, successful exploitation enables complete authentication bypass. Priority focus on wireless infrastructure, embedded devices, and systems using EAP-PWD authentication.\\\",\\n \\\"recommended_sla\\\": \\\"Verify affected systems within 72 hours; apply patches within 30 days for internet-exposed systems, 60 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete authentication bypass leading to unauthorized network access, session key compromise, and potential data interception capabilities.\\\",\\n \\\"technical_impact_details\\\": \\\"Confidentiality: High (session keys compromised, traffic interception). Integrity: High (unauthorized network access, potential MITM positioning). Availability: High (control of data connection).\\\",\\n \\\"blast_radius\\\": \\\"Medium to High - affects all systems using EAP-PWD authentication with vulnerable crypto library configurations. Includes wireless access points, authentication servers, embedded devices, and enterprise wireless infrastructure.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"Authentication bypass in core wireless security infrastructure poses significant risk to network perimeter security. While exploit complexity is high, successful exploitation enables unauthorized network access, potential data exfiltration, and lateral movement opportunities. Risk elevated for organizations with sensitive data, regulatory compliance requirements, or extensive wireless deployments.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Synology Radius Server\\\", \\\"Synology Router Manager\\\", \\\"Fedora 28/29/30\\\", \\\"OpenSUSE Backports SLE 15.0/15.1\\\", \\\"Debian Linux 8.0\\\", \\\"FreeBSD 11.2/12.0\\\"],\\n \\\"affected_versions\\\": \\\"hostapd and wpa_supplicant versions up to and including 2.4 when built against crypto libraries missing explicit validation on imported elements\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires EAP-PWD support enabled and builds against crypto libraries lacking explicit validation of imported cryptographic elements\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - wireless authentication endpoints may be internet-accessible in enterprise environments, guest networks, or cloud-managed Wi-Fi solutions\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Enterprise Wireless Network Infiltration\\\",\\n \\\"attacker_goal\\\": \\\"Gain unauthorized access to corporate wireless network and intercept sensitive traffic\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target network using EAP-PWD authentication\\\", \\\"Crafts malicious EAP-pwd-Commit messages with invalid scalar/element values\\\", \\\"Exploits missing validation to complete authentication without valid credentials\\\", \\\"Establishes unauthorized network session and captures session keys\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise wireless networks, guest Wi-Fi systems, IoT devices using EAP-PWD\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Embedded Device Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Compromise embedded devices using vulnerable wpa_supplicant implementations\\\",\\n \\\"steps_high_level\\\": [\\\"Identify IoT/embedded devices with vulnerable wpa_supplicant versions\\\", \\\"Exploit EAP-PWD validation flaw during device authentication\\\", \\\"Gain network access and potentially compromise device management interfaces\\\", \\\"Use compromised device as pivot point for lateral movement\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices, network appliances, embedded systems with wireless connectivity\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade wpa_supplicant and hostapd to versions that include proper validation of EAP-pwd-Commit scalar and element values.\\\", \\\"Audit and update crypto library configurations to ensure explicit validation of imported cryptographic elements.\\\", \\\"Disable EAP-PWD authentication method if not required, replacing with more secure EAP methods like EAP-TLS.\\\"],\\n \\\"workarounds\\\": \\\"Implement network segmentation to isolate systems using EAP-PWD authentication. Deploy 802.1X monitoring solutions to detect anomalous authentication patterns.\\\",\\n \\\"patching_notes\\\": \\\"Verify crypto library dependencies when applying patches. Test authentication functionality post-update. Coordinate with wireless infrastructure teams for access point updates.\\\",\\n \\\"verification_steps\\\": [\\\"Inventory all systems using wpa_supplicant or hostapd with EAP-PWD support\\\", \\\"Verify crypto library versions and validation capabilities\\\", \\\"Test authentication functionality after patch application\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup configurations and authentication logs. Plan for potential authentication service interruption during updates.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor EAP-PWD authentication logs for repeated failed Commit exchanges followed by successful authentication\\\",\\n \\\"Alert on authentication attempts with unusual scalar/element parameter patterns\\\",\\n \\\"Deploy wireless IDS/IPS to detect manipulation of EAP-PWD protocol messages\\\",\\n \\\"Monitor for new wireless clients with unexpected MAC addresses or authentication patterns\\\",\\n \\\"Hunt for network sessions established without proper credential validation in RADIUS logs\\\",\\n \\\"Correlate authentication events with crypto library validation failures in system logs\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"1.0600\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects widely used open-source wireless security components embedded in multiple vendor products and distributions\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Specific fixed versions\\\", \\\"Vendor patch availability details\\\", \\\"Detailed exploit technical requirements\\\", \\\"CISA KEV status determination\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (1.0600 vs 0.01063)\\\", \\\"Affected version ranges lack specificity for some products\\\"],\\n \\\"assumptions_made\\\": [\\\"High attack complexity inferred from CVSS vector and cryptographic nature\\\", \\\"Internet exposure relevance assumed based on wireless infrastructure deployment patterns\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details well-documented, but missing specific patch information and exploit availability reduces confidence in complete assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\\\",\\n \\\"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"65\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2022-23304\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2022-23304\\\",\\n \\\"title\\\": \\\"EAP-pwd Side-Channel Attack in hostapd and wpa_supplicant\\\",\\n \\\"short_description\\\": \\\"The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks due to cache access patterns. This issue exists because of an incomplete fix for CVE-2019-9495.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers to recover EAP-pwd passwords via side-channel analysis of cache access patterns, potentially compromising enterprise Wi-Fi authentication. The flaw affects core Wi-Fi infrastructure components widely deployed in enterprise environments, enabling unauthorized network access and credential theft without requiring authentication or user interaction.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Side-channel attack through cache access pattern analysis allows password recovery in EAP-pwd implementations\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible EAP-pwd authentication endpoints in Wi-Fi infrastructure\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of in-the-wild exploitation or public PoC found in input data, but vulnerability has high exploitability potential due to network-accessible nature and low attack complexity\\\",\\n \\\"evidence_signals\\\": [\\\"EPSS score 0.00056 (0.17 percentile) suggests low current exploitation likelihood\\\", \\\"No CISA KEV listing mentioned in input data\\\", \\\"No vendor advisories indicating active exploitation in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Critical CVSS score (9.8) with network-accessible attack vector and potential for credential compromise warrants immediate verification of affected systems and deployment status. While no active exploitation is documented, the incomplete fix from CVE-2019-9495 suggests persistent security weakness requiring attention.\\\",\\n \\\"recommended_sla\\\": \\\"72 hours for asset identification and patch planning\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact with potential integrity and availability compromise\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows attackers to recover EAP-pwd passwords through side-channel analysis, leading to unauthorized network access, credential theft, and potential lateral movement within enterprise environments\\\",\\n \\\"blast_radius\\\": \\\"All systems running hostapd or wpa_supplicant versions before 2.10 with EAP-pwd authentication enabled\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High business risk due to critical CVSS score, network-accessible attack surface, and potential for complete authentication bypass in Wi-Fi infrastructure. The vulnerability affects core network security components and could enable broad unauthorized access to enterprise networks.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"hostapd\\\", \\\"wpa_supplicant\\\", \\\"Fedora 35\\\"],\\n \\\"affected_versions\\\": \\\"hostapd before 2.10, wpa_supplicant before 2.10\\\",\\n \\\"fixed_versions\\\": \\\"hostapd 2.10 and later, wpa_supplicant 2.10 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"EAP-pwd authentication must be enabled and configured\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing Wi-Fi access points and enterprise authentication systems\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Enterprise Wi-Fi Credential Harvesting\\\",\\n \\\"attacker_goal\\\": \\\"Recover EAP-pwd passwords to gain unauthorized network access\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions themselves within network range of target Wi-Fi infrastructure\\\", \\\"Attacker initiates EAP-pwd authentication attempts while monitoring cache access patterns\\\", \\\"Attacker analyzes side-channel data to recover authentication credentials\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise Wi-Fi networks using EAP-pwd authentication, particularly those with internet-facing access points\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Lateral Movement via Compromised Authentication\\\",\\n \\\"attacker_goal\\\": \\\"Use recovered credentials for network lateral movement and privilege escalation\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker successfully recovers EAP-pwd credentials through side-channel analysis\\\", \\\"Attacker authenticates to enterprise network using compromised credentials\\\", \\\"Attacker moves laterally to access sensitive systems and data\\\"],\\n \\\"likely_targets\\\": \\\"Internal network resources accessible after EAP-pwd authentication compromise\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade hostapd to version 2.10 or later to address the side-channel vulnerability\\\", \\\"Upgrade wpa_supplicant to version 2.10 or later across all affected client systems\\\", \\\"Disable EAP-pwd authentication method if not required for operational needs as temporary mitigation\\\"],\\n \\\"workarounds\\\": \\\"Consider disabling EAP-pwd and migrating to more secure authentication methods such as EAP-TLS if immediate patching is not feasible\\\",\\n \\\"patching_notes\\\": \\\"Ensure both server-side (hostapd) and client-side (wpa_supplicant) components are updated simultaneously to prevent compatibility issues\\\",\\n \\\"verification_steps\\\": [\\\"Verify current versions of hostapd and wpa_supplicant across all systems\\\", \\\"Confirm EAP-pwd configuration status and usage in environment\\\", \\\"Test authentication functionality after patch deployment\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup configurations and test rollback procedures before deploying patches in production environments\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual EAP-pwd authentication patterns or repeated authentication attempts from single sources\\\",\\n \\\"Implement network monitoring for side-channel attack indicators such as timing analysis patterns\\\",\\n \\\"Deploy endpoint detection for cache analysis tools or unusual memory access patterns on authentication servers\\\",\\n \\\"Hunt for authentication bypass events or unauthorized network access following EAP-pwd authentication\\\",\\n \\\"Monitor for out-of-band credential usage or lateral movement from Wi-Fi authenticated sessions\\\",\\n \\\"Implement behavioral analysis for authentication timing variations that might indicate side-channel exploitation attempts\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00056\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects widely deployed open-source Wi-Fi authentication components\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory links\\\", \\\"Specific patch availability dates\\\", \\\"Complete affected version ranges beyond 'before 2.10'\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy: 0.0600 vs 0.00056 - using 0.00056 as it's from dedicated EPSS source with recent date\\\", \\\"Limited information about specific exploitation techniques or real-world impact\\\"],\\n \\\"assumptions_made\\\": [\\\"EAP-pwd is enabled in affected environments\\\", \\\"Both server and client components require patching\\\", \\\"No immediate active exploitation based on available data\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear but exploitation status and real-world impact lack specific evidence\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/\\\",\\n \\\"https://security.gentoo.org/glsa/202309-16\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"68\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-5291\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-5291\\\",\\n \\\"title\\\": \\\"PolarSSL/mbed TLS Client SNI Heap Buffer Overflow\\\",\\n \\\"short_description\\\": \\\"Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname in the Server Name Indication (SNI) extension when creating a ClientHello message.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects TLS clients using PolarSSL/mbed TLS and can be triggered by a malicious SSL server when the client connects with SNI. Successful exploitation may lead to client crash (DoS) or remote code execution on the client, impacting confidentiality and integrity of the client system. The issue is relevant for embedded devices, IoT products, and applications using these library versions in client mode.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"6.8\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-122\\\"],\\n \\\"weakness_summary\\\": \\\"Heap-based buffer overflow due to improper bounds checking when processing long hostnames in the SNI extension of TLS ClientHello messages.\\\",\\n \\\"attack_surface\\\": \\\"TLS client implementation; triggered when connecting to a malicious SSL server presenting a long hostname in SNI.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires a client using a vulnerable library version to initiate a TLS connection to a malicious SSL server. The server sends a long hostname via SNI, triggering the overflow during ClientHello construction.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of in-the-wild exploitation found in input data\\\", \\\"EPSS score indicates low current exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"Yes (client must initiate connection to malicious server)\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Medium - requires client to connect to attacker-controlled server\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity heap overflow with potential RCE, but requires client-initiated connection to malicious server. No evidence of active exploitation. Priority is to identify affected clients and schedule updates during regular maintenance windows.\\\",\\n \\\"recommended_sla\\\": \\\"30-60 days for client systems; 90 days for embedded/IoT devices with update constraints\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: High, Integrity: High, Availability: Medium\\\",\\n \\\"technical_impact_details\\\": \\\"Heap overflow could allow remote code execution on client systems, potentially compromising sensitive data, credentials, and system integrity. DoS impact through client crash.\\\",\\n \\\"blast_radius\\\": \\\"Limited to clients using vulnerable PolarSSL/mbed TLS versions that connect to untrusted SSL servers. Server-side deployments are not directly affected.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate risk due to potential RCE on client systems, but exploitation requires specific conditions (client connecting to malicious server). Risk increases for organizations with embedded devices or IoT products using these library versions in client mode without proper network segmentation.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\", \\\"PolarSSL PolarSSL\\\", \\\"Debian Linux\\\", \\\"Fedora\\\", \\\"openSUSE Leap\\\", \\\"openSUSE\\\"],\\n \\\"affected_versions\\\": \\\"PolarSSL 1.x before 1.2.17; ARM mbed TLS 1.3.x before 1.3.14; ARM mbed TLS 2.x before 2.1.2\\\",\\n \\\"fixed_versions\\\": \\\"PolarSSL 1.2.17; ARM mbed TLS 1.3.14; ARM mbed TLS 2.1.2\\\",\\n \\\"configuration_dependencies\\\": \\\"Client-side TLS implementation must use SNI extension when connecting to SSL servers.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High for clients connecting to external SSL servers; medium for internal-only clients with controlled server access.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Malicious Server SNI Attack\\\",\\n \\\"attacker_goal\\\": \\\"Compromise client system through RCE or cause DoS\\\",\\n \\\"steps_high_level\\\": [\\\"Set up malicious SSL server with long hostname in SNI extension\\\", \\\"Lure victim client to connect (phishing, malicious link, or MITM)\\\", \\\"Trigger heap overflow during ClientHello construction\\\"],\\n \\\"likely_targets\\\": \\\"Clients using vulnerable PolarSSL/mbed TLS versions connecting to untrusted external servers\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Widespread client compromise through trusted infrastructure\\\",\\n \\\"steps_high_level\\\": [\\\"Compromise legitimate SSL server infrastructure\\\", \\\"Configure server to send malicious SNI responses\\\", \\\"Exploit vulnerable clients during routine connections\\\"],\\n \\\"likely_targets\\\": \\\"Embedded devices and IoT products with automatic update mechanisms connecting to compromised update servers\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\\"Update PolarSSL to version 1.2.17 or later, or ARM mbed TLS to 1.3.14/2.1.2 or later on all client systems.\\\", \\\"Implement network segmentation to restrict client connections to trusted SSL servers only.\\\", \\\"Deploy endpoint detection rules to monitor for heap overflow indicators in TLS client processes.\\\"],\\n \\\"workarounds\\\": \\\"Disable SNI extension on clients if functionality is not required (may break connectivity to legitimate servers requiring SNI).\\\",\\n \\\"patching_notes\\\": \\\"Verify library versions in use across all client applications and embedded devices. Coordinate updates with application owners to ensure compatibility testing.\\\",\\n \\\"verification_steps\\\": [\\\"Inventory all systems using PolarSSL/mbed TLS libraries and verify versions.\\\", \\\"Test updated library versions in non-production environment before deployment.\\\", \\\"Monitor client crash logs and memory dumps for signs of exploitation attempts.\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of previous library versions and application configurations. Test rollback procedures in case of compatibility issues with updated libraries.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected client process crashes during TLS handshake phases\\\",\\n \\\"Alert on network connections to suspicious SSL servers with unusually long hostnames\\\",\\n \\\"Hunt for heap corruption signatures in client application memory dumps\\\",\\n \\\"Detect anomalous TLS ClientHello message sizes exceeding normal SNI lengths\\\",\\n \\\"Monitor for outbound connections from embedded devices to untrusted SSL endpoints\\\",\\n \\\"Search logs for repeated connection failures to specific SSL servers with error patterns indicative of buffer overflow\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01704\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects TLS library used in embedded devices and IoT products; potential for widespread impact if exploited through update mechanisms\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed CVSS vector string\\\", \\\"Vendor-specific advisory links\\\", \\\"Proof-of-concept availability information\\\", \\\"CISA KEV status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS base score discrepancy: CVE record shows 0.0 while EUVD shows 6.8; using 6.8 as authoritative\\\", \\\"EPSS scores vary between sources (1.7000 vs 0.01704); using most recent EPSS value\\\"],\\n \\\"assumptions_made\\\": [\\\"Client-initiated connections are required for exploitation\\\", \\\"Server-side deployments are not directly vulnerable\\\", \\\"Modern TLS implementations have addressed similar SNI handling issues\\\"],\\n \\\"confidence\\\": \\\"Medium - sufficient technical detail available but missing exploit status confirmation and vendor-specific remediation guidance\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html\\\",\\n \\\"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"73\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-0487\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-0487\\\",\\n \\\"title\\\": \\\"ARM mbed TLS RSASSA-PSS Certificate Chain Buffer Overflow\\\",\\n \\\"short_description\\\": \\\"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to achieve remote code execution or denial of service by sending a malicious certificate chain during TLS/DTLS handshakes. The flaw resides in RSASSA-PSS signature verification, a critical cryptographic operation, making it exploitable without authentication or user interaction across network-accessible TLS/DTLS services.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-120\\\"],\\n \\\"weakness_summary\\\": \\\"Buffer overflow in RSASSA-PSS signature verification during certificate chain parsing\\\",\\n \\\"attack_surface\\\": \\\"TLS/DTLS session establishment; specifically RSASSA-PSS signature verification logic\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires sending a crafted certificate chain during TLS/DTLS handshake. No authentication or user interaction needed. Attack complexity is low but requires understanding of certificate chain manipulation.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.0 base score 9.8 with network attack vector\\\", \\\"No authentication required\\\", \\\"No user interaction required\\\", \\\"Low attack complexity\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - remote attackers\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Critical - Patch Immediately\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Critical severity buffer overflow with RCE potential in cryptographic library affecting TLS/DTLS sessions. Network-accessible services are immediately vulnerable to unauthenticated attacks.\\\",\\n \\\"recommended_sla\\\": \\\"24-48 hours for patch deployment\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete system compromise (Confidentiality, Integrity, Availability)\\\",\\n \\\"technical_impact_details\\\": \\\"Remote code execution or denial of service through buffer overflow in certificate verification. Successful exploitation compromises TLS session security and underlying system.\\\",\\n \\\"blast_radius\\\": \\\"All systems running vulnerable mbed TLS versions with TLS/DTLS services exposed to network\\\",\\n \\\"business_risk_rating\\\": \\\"5\\\",\\n \\\"business_risk_justification\\\": \\\"Critical cryptographic library vulnerability enabling RCE without authentication. Affects core security infrastructure. High likelihood of exploitation attempts against exposed TLS services.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\", \\\"Debian Linux 8.0\\\", \\\"Debian Linux 9.0\\\"],\\n \\\"affected_versions\\\": \\\"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0; Debian 8.0 and 9.0\\\",\\n \\\"fixed_versions\\\": \\\"ARM mbed TLS 1.3.22, 2.1.10, 2.7.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems must have TLS or DTLS services enabled and network-accessible\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - directly affects internet-facing TLS/DTLS endpoints\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Code Execution via Malicious TLS Handshake\\\",\\n \\\"attacker_goal\\\": \\\"Gain remote code execution on TLS server\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts malicious certificate chain with manipulated RSASSA-PSS signatures\\\", \\\"Attacker initiates TLS/DTLS connection to vulnerable server\\\", \\\"Server processes certificate chain triggering buffer overflow during signature verification\\\", \\\"Attacker achieves RCE or causes DoS\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing TLS/DTLS servers using vulnerable mbed TLS versions\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Denial of Service Attack Against TLS Infrastructure\\\",\\n \\\"attacker_goal\\\": \\\"Crash TLS services to disrupt connectivity\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker creates certificate chain designed to trigger buffer overflow\\\", \\\"Multiple attack vectors launched against TLS endpoints\\\", \\\"Services crash due to memory corruption\\\", \\\"Legitimate TLS connections fail\\\"],\\n \\\"likely_targets\\\": \\\"Critical infrastructure TLS endpoints, VPN concentrators, embedded devices\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Update\\\",\\n \\\"mitigation_action\\\": [\\\"Immediately update ARM mbed TLS to version 1.3.22, 2.1.10, or 2.7.0 depending on branch in use\\\", \\\"Rebuild and redeploy all applications linked against vulnerable mbed TLS libraries\\\", \\\"Apply security updates to Debian 8.0 and 9.0 systems containing mbed TLS packages\\\"],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Critical cryptographic library update requires thorough testing of TLS functionality. Coordinate with application teams to ensure compatibility.\\\",\\n \\\"verification_steps\\\": [\\\"Verify mbed TLS version in deployed applications using version inspection tools\\\", \\\"Test TLS handshake functionality after patching\\\", \\\"Monitor for anomalous certificate chain processing in logs\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain previous library versions and application binaries for emergency rollback if compatibility issues arise\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for abnormally large or malformed certificate chains in TLS handshake logs\\\",\\n \\\"Detect repeated connection attempts with certificate verification failures\\\",\\n \\\"Hunt for process crashes in TLS/DTLS services (segfaults, memory dumps)\\\",\\n \\\"Search network traffic for certificate chains with unusual RSASSA-PSS signature patterns\\\",\\n \\\"Monitor for unexpected child process spawning from TLS service processes\\\",\\n \\\"Alert on certificate chain processing errors in mbed TLS log entries\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.04870\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - affects cryptographic library used across embedded systems and Linux distributions\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor advisory links\\\", \\\"Detailed technical analysis\\\", \\\"Proof-of-concept availability\\\", \\\"CISA KEV status\\\", \\\"Active exploitation evidence\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: 4.8700 vs 0.04870 - using 0.04870 as it matches EPSS source format\\\"],\\n \\\"assumptions_made\\\": [\\\"High exploitability assumed from CVSS metrics despite lack of public PoC\\\", \\\"Network exposure assumed for affected systems\\\", \\\"RCE potential inferred from buffer overflow classification\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed but exploitation evidence and technical specifics limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.securityfocus.com/bid/103056\\\",\\n \\\"https://security.gentoo.org/glsa/201804-19\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"74\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-0488\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-0488\\\",\\n \\\"title\\\": \\\"ARM mbed TLS Heap Corruption via Crafted Application Packet\\\",\\n \\\"short_description\\\": \\\"ARM mbed TLS versions before 1.3.22, 2.1.10, and 2.7.0, when the truncated HMAC extension and CBC are used, allow remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables remote code execution or denial of service without authentication, directly over the network. It affects TLS/DTLS sessions when specific cryptographic configurations are enabled, making it relevant for any service using mbed TLS with truncated HMAC and CBC ciphers. The heap corruption mechanism can lead to complete system compromise of affected endpoints.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-787\\\"],\\n \\\"weakness_summary\\\": \\\"Heap-based buffer overflow in TLS/DTLS session handling when truncated HMAC extension and CBC ciphers are enabled.\\\",\\n \\\"attack_surface\\\": \\\"Network-exposed TLS/DTLS services using vulnerable mbed TLS library configurations.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No explicit evidence of in-the-wild exploitation or public PoC was found in the input data. However, the low attack complexity and network-accessible nature make exploitation feasible.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.0 base score 9.8 indicates critical severity\\\", \\\"No active exploitation signals reported in input data\\\", \\\"EPSS score 0.03563 (percentile 0.87224) suggests moderate exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Critical CVSS score with RCE potential and network-accessible attack surface requires immediate verification of affected systems and configurations. While no active exploitation is reported, the vulnerability class and low complexity warrant urgent attention.\\\",\\n \\\"recommended_sla\\\": \\\"48 hours for verification and 7 days for remediation\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete compromise of confidentiality, integrity, and availability through remote code execution or denial of service.\\\",\\n \\\"technical_impact_details\\\": \\\"Heap corruption can lead to arbitrary code execution in the context of the vulnerable service, potentially compromising the entire system. DoS attacks can disrupt TLS/DTLS services.\\\",\\n \\\"blast_radius\\\": \\\"All systems running vulnerable mbed TLS versions with truncated HMAC and CBC ciphers enabled, particularly internet-facing TLS/DTLS endpoints.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High technical severity with RCE potential affects critical infrastructure components. While no active exploitation is reported, the vulnerability's age (2018) and moderate EPSS score suggest lower immediate threat, but the potential impact remains severe.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\", \\\"Debian Linux 8.0\\\", \\\"Debian Linux 9.0\\\"],\\n \\\"affected_versions\\\": \\\"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0\\\",\\n \\\"fixed_versions\\\": \\\"ARM mbed TLS 1.3.22, 2.1.10, 2.7.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires truncated HMAC extension and CBC ciphers to be enabled in TLS/DTLS configuration\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - affects network-accessible TLS/DTLS services\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Code Execution via TLS Session\\\",\\n \\\"attacker_goal\\\": \\\"Gain complete control over vulnerable TLS endpoint\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target system using vulnerable mbed TLS version with truncated HMAC and CBC enabled\\\", \\\"Craft malicious application packet targeting heap corruption vulnerability\\\", \\\"Exploit heap corruption to achieve arbitrary code execution\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing TLS/DTLS servers, embedded systems, IoT devices using mbed TLS\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Denial of Service Attack\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt TLS/DTLS service availability\\\",\\n \\\"steps_high_level\\\": [\\\"Send crafted application packet to vulnerable TLS/DTLS service\\\", \\\"Trigger heap corruption causing service crash\\\", \\\"Repeat to maintain service unavailability\\\"],\\n \\\"likely_targets\\\": \\\"Critical infrastructure services, embedded devices, network appliances\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade mbed TLS to version 1.3.22, 2.1.10, or 2.7.0 immediately on all affected systems\\\", \\\"Disable truncated HMAC extension and CBC ciphers if not required for compatibility\\\", \\\"Implement network segmentation to restrict access to vulnerable TLS/DTLS services\\\"],\\n \\\"workarounds\\\": \\\"Disable truncated HMAC extension and CBC cipher suites if compatibility allows\\\",\\n \\\"patching_notes\\\": \\\"Ensure all dependent applications are tested after library updates. Consider backward compatibility implications.\\\",\\n \\\"verification_steps\\\": [\\\"Inventory all systems using mbed TLS library\\\", \\\"Verify current library versions against affected versions\\\", \\\"Check TLS configuration for truncated HMAC and CBC usage\\\"],\\n \\\"rollback_considerations\\\": \\\"Test patches in non-production environment first. Maintain backup of previous library versions.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected process crashes or restarts of TLS/DTLS services\\\",\\n \\\"Search network logs for unusual TLS handshake patterns or malformed packets\\\",\\n \\\"Implement EDR monitoring for heap corruption indicators in TLS service processes\\\",\\n \\\"Scan for vulnerable mbed TLS versions using vulnerability assessment tools\\\",\\n \\\"Monitor for outbound connections from TLS services to suspicious destinations\\\",\\n \\\"Hunt for privilege escalation attempts following TLS service compromise\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.03563 (percentile: 0.87224)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - affects cryptographic library used in embedded systems and IoT devices\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor advisory links\\\", \\\"Detailed technical analysis\\\", \\\"Proof-of-concept availability\\\", \\\"CISA KEV status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (3.5600 vs 0.03563)\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed CWE-787 based on heap corruption description\\\", \\\"Inferred attack scenarios from vulnerability class and CVSS metrics\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear but missing vendor-specific information and exploitation evidence\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.securityfocus.com/bid/103057\\\",\\n \\\"https://security.gentoo.org/glsa/201804-19\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"76\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-0498\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-0498\\\",\\n \\\"title\\\": \\\"ARM mbed TLS Cache-Based Side-Channel Information Disclosure\\\",\\n \\\"short_description\\\": \\\"ARM mbed TLS before 2.12.0, 2.7.5, and 2.1.14 allows local users to achieve partial plaintext recovery for CBC-based ciphersuites via a cache-based side-channel attack.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables local attackers to recover portions of plaintext from TLS sessions using CBC ciphersuites by exploiting cache timing side channels. While it requires local access and has high attack complexity, it directly undermines cryptographic confidentiality guarantees and could expose sensitive data protected by TLS. The weakness is particularly relevant in shared environments (cloud, containers, multi-tenant systems) where an attacker can co-locate malicious processes. Organizations using affected mbed TLS versions in embedded systems, IoT devices, or server applications should prioritize updates to prevent potential information disclosure.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"4.7\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-200\\\"],\\n \\\"weakness_summary\\\": \\\"Information Exposure through side-channel analysis during CBC cipher operation in mbed TLS library.\\\",\\n \\\"attack_surface\\\": \\\"Local process execution with ability to monitor CPU cache timing during cryptographic operations.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Low\\\",\\n \\\"exploit_summary\\\": \\\"Cache-based side-channel attack requiring local access, high complexity, and ability to monitor cryptographic operations. No evidence of in-the-wild exploitation or public PoC found in input data.\\\",\\n \\\"evidence_signals\\\": [\\\"No CISA KEV listing\\\", \\\"No public exploit references in input\\\", \\\"EPSS score 0.00208 (low exploitation likelihood)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low (local user privileges)\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity with local-only access requirement and high attack complexity reduces immediate risk, but cryptographic weaknesses should be patched systematically. Priority driven by potential for information disclosure in shared environments and availability of vendor fixes.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for internet-facing systems; 180 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality Impact: High (partial plaintext recovery); Integrity/Availability: None\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows recovery of portions of encrypted plaintext from CBC-based TLS sessions. No system compromise or code execution. Impact limited to information disclosure of data in transit.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems running vulnerable mbed TLS versions with local attackers having process execution capabilities. Risk increases in shared hosting, containerized, or cloud environments.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Low business risk due to local-only access requirement and high complexity. However, organizations handling sensitive data or operating in regulated sectors should patch to maintain cryptographic assurance. Risk elevated in multi-tenant environments.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\", \\\"Debian Linux 8.0\\\", \\\"Debian Linux 9.0\\\"],\\n \\\"affected_versions\\\": \\\"ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14; Debian 8.0 and 9.0 (via package dependencies)\\\",\\n \\\"fixed_versions\\\": \\\"ARM mbed TLS 2.12.0, 2.7.5, 2.1.14 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Vulnerability affects CBC-based ciphersuites. Systems using alternative ciphersuites (e.g., GCM) may be less exposed.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low direct relevance as attack requires local access. However, internet-facing systems using vulnerable versions should still be patched to maintain defense-in-depth.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Cloud Multi-Tenant Information Disclosure\\\",\\n \\\"attacker_goal\\\": \\\"Recover sensitive session data from co-located virtual machines\\\",\\n \\\"steps_high_level\\\": [\\\"Deploy malicious process on shared cloud infrastructure\\\", \\\"Monitor CPU cache timing patterns during victim's TLS operations\\\", \\\"Analyze cache side-channel to reconstruct partial plaintext from CBC-encrypted sessions\\\"],\\n \\\"likely_targets\\\": \\\"Cloud-hosted applications using vulnerable mbed TLS versions in shared environments\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Container Escape Information Gathering\\\",\\n \\\"attacker_goal\\\": \\\"Exfiltrate confidential data from containerized applications\\\",\\n \\\"steps_high_level\\\": [\\\"Compromise container with low privileges\\\", \\\"Execute cache-monitoring code within container context\\\", \\\"Exploit shared CPU resources to observe host cryptographic operations and recover plaintext fragments\\\"],\\n \\\"likely_targets\\\": \\\"Containerized services using affected mbed TLS library versions\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade ARM mbed TLS to version 2.12.0, 2.7.5, or 2.1.14 immediately on all affected systems.\\\", \\\"Update Debian Linux distributions (8.0 and 9.0) with security patches addressing mbed TLS vulnerabilities.\\\", \\\"Disable CBC-based ciphersuites in TLS configuration where possible, preferring authenticated encryption modes like GCM.\\\"],\\n \\\"workarounds\\\": \\\"Consider disabling CBC ciphersuites if compatibility allows. Implement strict process isolation in multi-tenant environments. Monitor for unusual local process behavior.\\\",\\n \\\"patching_notes\\\": \\\"Vendor has released fixed versions. Test patches in non-production environments first. Verify library linkage and dependencies after updates.\\\",\\n \\\"verification_steps\\\": [\\\"Verify mbed TLS library version using 'mbedtls_version' function or package manager queries.\\\", \\\"Confirm CBC ciphersuite status in TLS configuration files and runtime settings.\\\", \\\"Test TLS connectivity and performance after patch application to ensure service continuity.\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous library versions. Document configuration changes for quick rollback if issues arise.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual local process execution patterns, especially CPU-intensive operations during TLS sessions\\\",\\n \\\"Detect anomalous cache behavior or timing analysis tools execution on systems\\\",\\n \\\"Hunt for processes with high CPU cache miss rates coinciding with cryptographic operations\\\",\\n \\\"Alert on unauthorized local privilege escalation attempts that could enable side-channel attacks\\\",\\n \\\"Monitor TLS library loading events and version information for vulnerable instances\\\",\\n \\\"Search for network traffic patterns indicating plaintext recovery attempts or unusual data exfiltration\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00208\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects cryptographic library used in embedded systems and Linux distributions\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor patch release dates\\\", \\\"Specific exploit technical details\\\", \\\"Complete list of affected downstream products\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy: 0.2100 vs 0.00208 - using 0.00208 as it's from dedicated EPSS source with recent date\\\", \\\"Limited information on exact conditions required for successful exploitation\\\"],\\n \\\"assumptions_made\\\": [\\\"Local access implies physical or remote shell access to target system\\\", \\\"CBC ciphersuite usage assumed common in affected deployments\\\", \\\"Multi-tenant environments increase risk despite local access requirement\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed from vendor advisory, but limited technical exploitation details available\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html\\\",\\n \\\"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"77\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-1000520\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-1000520\\\",\\n \\\"title\\\": \\\"ARM mbedTLS Ciphersuite Allows Incorrectly Signed Certificates\\\",\\n \\\"short_description\\\": \\\"ARM mbedTLS up to version 2.7.0 contains a vulnerability in mbedtls_ssl_get_verify_result() where ECDSA-signed certificates are incorrectly accepted when only RSA-signed ones should be allowed, specifically when negotiating TLS-ECDH-RSA-* ciphersuites.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers to present ECDSA-signed certificates during TLS handshakes when the ciphersuite explicitly requires RSA signatures, bypassing certificate validation expectations and potentially enabling man-in-the-middle attacks or unauthorized access to encrypted communications.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Certificate validation bypass in TLS implementation where ECDSA signatures are incorrectly accepted for RSA-required ciphersuites\\\",\\n \\\"attack_surface\\\": \\\"TLS handshake negotiation, specifically affecting mbedtls_ssl_get_verify_result() function\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires network access to TLS endpoints and ability to negotiate TLS-ECDH-RSA-* ciphersuites, with no authentication or user interaction needed\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of in-the-wild exploitation found in input data\\\", \\\"EPSS score indicates low current exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with integrity impact but no confidentiality loss; requires specific TLS ciphersuite configuration; EPSS indicates low current exploitation; affects TLS certificate validation which is critical but has limited attack surface\\\",\\n \\\"recommended_sla\\\": \\\"30-60 days for patching; immediate verification if TLS-ECDH-RSA ciphersuites are in use\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High integrity impact with potential for authentication bypass and man-in-the-middle attacks\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can present ECDSA certificates when RSA signatures are expected, potentially bypassing certificate chain validation and enabling unauthorized TLS connections\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems using mbedTLS with TLS-ECDH-RSA-* ciphersuites enabled; affects TLS certificate validation mechanism\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to authentication bypass potential, but limited to specific TLS configurations and requires attacker to control certificate material; no direct data exfiltration or system compromise without additional factors\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbedTLS\\\"],\\n \\\"affected_versions\\\": \\\"2.7.0 and earlier\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires TLS-ECDH-RSA-* ciphersuites to be negotiated during TLS handshake\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing TLS endpoints using mbedTLS with affected configurations\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"TLS Certificate Validation Bypass\\\",\\n \\\"attacker_goal\\\": \\\"Establish unauthorized TLS connections by presenting ECDSA certificates when RSA signatures are required\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker initiates TLS connection to mbedTLS-enabled server\\\", \\\"Negotiates TLS-ECDH-RSA-* ciphersuite\\\", \\\"Presents ECDSA-signed certificate instead of required RSA-signed certificate\\\", \\\"Server incorrectly accepts ECDSA certificate due to validation flaw\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing TLS services using mbedTLS with ECDH-RSA ciphersuites enabled\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Man-in-the-Middle Attack\\\",\\n \\\"attacker_goal\\\": \\\"Intercept and potentially modify encrypted communications by exploiting certificate validation weakness\\\",\\n \\\"steps_high_level\\\": [\\\"Position attacker between client and mbedTLS server\\\", \\\"Force TLS-ECDH-RSA-* ciphersuite negotiation\\\", \\\"Present attacker-controlled ECDSA certificate to establish MITM position\\\", \\\"Monitor or modify encrypted traffic through compromised TLS channel\\\"],\\n \\\"likely_targets\\\": \\\"Embedded systems and IoT devices using mbedTLS for secure communications\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade mbedTLS to version 2.7.1 or later to address the certificate validation issue\\\", \\\"Review and audit TLS ciphersuite configurations to identify systems using TLS-ECDH-RSA-* suites\\\", \\\"Implement certificate pinning or strict certificate validation policies for critical TLS connections\\\"],\\n \\\"workarounds\\\": \\\"Disable TLS-ECDH-RSA-* ciphersuites if not required for interoperability\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with existing TLS implementations and test certificate validation behavior post-update\\\",\\n \\\"verification_steps\\\": [\\\"Test TLS handshake with ECDSA certificates against patched mbedTLS version\\\", \\\"Verify mbedtls_ssl_get_verify_result() correctly rejects ECDSA certificates for RSA-required ciphersuites\\\", \\\"Audit network traffic for any successful connections using the vulnerable configuration\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous mbedTLS version and configuration; monitor for TLS connection failures post-patch\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor TLS handshake logs for successful connections using TLS-ECDH-RSA-* ciphersuites with ECDSA certificates\\\",\\n \\\"Alert on certificate validation failures or unexpected certificate types in TLS connections\\\",\\n \\\"Hunt for network traffic patterns showing man-in-the-middle attempts against mbedTLS endpoints\\\",\\n \\\"Review certificate chains in TLS connections for ECDSA signatures when RSA is expected\\\",\\n \\\"Monitor for unusual TLS negotiation patterns or certificate validation bypass attempts\\\",\\n \\\"Implement network monitoring for connections that successfully complete despite certificate type mismatches\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00104\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects ARM mbedTLS library used in embedded systems and IoT devices\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identifiers\\\", \\\"Fixed version information\\\", \\\"Vendor advisory details\\\", \\\"Exploit availability status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy between sources (0.1000 vs 0.00104)\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed ECDSA certificate acceptance constitutes security-relevant bypass\\\", \\\"Inferred attack complexity from CVSS vector components\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear but missing vendor patch information and exploit status\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/issues/1561\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"79\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-9988\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-9988\\\",\\n \\\"title\\\": \\\"ARM mbed TLS Buffer Over-read in ssl_parse_server_key_exchange()\\\",\\n \\\"short_description\\\": \\\"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 contains a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows remote attackers to cause denial of service (crash) via crafted input without authentication. While it does not directly enable code execution or information disclosure, it affects TLS handshake processing in a widely-used cryptographic library, potentially disrupting secure communications in embedded systems, IoT devices, and server applications that depend on mbed TLS.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-126\\\"],\\n \\\"weakness_summary\\\": \\\"Buffer over-read in TLS handshake parsing function ssl_parse_server_key_exchange() allows reading beyond allocated memory boundaries when processing invalid input.\\\",\\n \\\"attack_surface\\\": \\\"Network-exposed TLS handshake processing; specifically the ServerKeyExchange message parsing during TLS/SSL negotiation.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires sending a malformed ServerKeyExchange message during TLS handshake. No authentication or user interaction needed; network access sufficient.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of in-the-wild exploitation found in input data\\\", \\\"EPSS score suggests moderate exploitation likelihood\\\", \\\"Public commit references indicate vendor acknowledgment and fix\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with network-accessible attack vector and availability impact. While no code execution, DoS in TLS library can disrupt critical secure communications. Requires immediate inventory verification and patching prioritization.\\\",\\n \\\"recommended_sla\\\": \\\"7 days for inventory and risk assessment; 30 days for patch deployment\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (crash/DoS); Confidentiality: None; Integrity: None\\\",\\n \\\"technical_impact_details\\\": \\\"Remote unauthenticated attacker can cause application crash by sending crafted ServerKeyExchange message during TLS handshake, leading to service disruption.\\\",\\n \\\"blast_radius\\\": \\\"Medium to High - affects all systems using vulnerable mbed TLS versions for TLS connections. Embedded/IoT devices may be particularly impacted due to limited crash recovery mechanisms.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Significant availability risk for systems dependent on mbed TLS, especially in critical infrastructure or IoT deployments. No data breach risk, but service disruption potential is substantial. Moderate exploitation likelihood per EPSS metrics.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\", \\\"Debian Linux 8.0\\\", \\\"Debian Linux 9.0\\\"],\\n \\\"affected_versions\\\": \\\"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 (including 2.8.0 RC1); Debian 8.0 and 9.0 (via package dependencies)\\\",\\n \\\"fixed_versions\\\": \\\"ARM mbed TLS 2.1.11, 2.7.2, 2.8.0 (final release)\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems must have mbed TLS enabled for TLS/SSL connections; vulnerability triggers during TLS handshake with ServerKeyExchange message.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - network-accessible systems using mbed TLS for TLS termination are directly exposed to remote exploitation.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"TLS Handshake DoS Attack\\\",\\n \\\"attacker_goal\\\": \\\"Cause service disruption by crashing mbed TLS-enabled applications\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target system using vulnerable mbed TLS version\\\", \\\"Crafts malformed ServerKeyExchange message with invalid parameters\\\", \\\"Initiates TLS handshake with target, triggering buffer over-read and crash\\\"],\\n \\\"likely_targets\\\": \\\"Embedded systems, IoT devices, network equipment, and servers using mbed TLS for secure communications\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Amplified DoS via TLS Reflection\\\",\\n \\\"attacker_goal\\\": \\\"Leverage multiple vulnerable systems for distributed DoS\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies multiple internet-facing systems with vulnerable mbed TLS\\\", \\\"Automates crafted TLS handshake attempts across target range\\\", \\\"Causes cascading service failures affecting multiple endpoints\\\"],\\n \\\"likely_targets\\\": \\\"Cloud services, IoT platforms, and network infrastructure with mbed TLS exposure\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade mbed TLS to version 2.1.11, 2.7.2, or 2.8.0 (final) immediately, prioritizing internet-facing systems.\\\",\\n \\\"Deploy network-level controls (WAF, IPS) to detect and block malformed TLS handshake packets targeting ServerKeyExchange parsing.\\\",\\n \\\"Implement health monitoring and automatic restart mechanisms for mbed TLS-dependent services to minimize DoS impact.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Restrict network access to mbed TLS services using firewall rules or network segmentation; monitor for anomalous TLS handshake patterns.\\\",\\n \\\"patching_notes\\\": \\\"Patches available via ARM mbed TLS GitHub repository commits 027f84c69f4ef30c0693832a6c396ef19e563ca1 and a1098f81c252b317ad34ea978aea2bc47760b215. Debian users should update system packages.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify mbed TLS version in use across all systems via asset inventory and dependency scanning.\\\",\\n \\\"Test patch deployment in non-production environment with simulated malformed TLS handshake traffic.\\\",\\n \\\"Monitor application logs for TLS handshake failures and crash events post-patch.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch backups and test rollback procedures; ensure compatibility with existing TLS configurations and dependent applications.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated TLS handshake failures or connection resets from single sources targeting ServerKeyExchange phase.\\\",\\n \\\"Deploy IDS/IPS rules detecting malformed TLS packets with anomalous ServerKeyExchange message structures.\\\",\\n \\\"Hunt for process crashes or core dumps in mbed TLS-enabled applications, correlating with network connection attempts.\\\",\\n \\\"Analyze network traffic for unusual TLS version negotiation patterns or incomplete handshakes.\\\",\\n \\\"Implement application health checks detecting mbed TLS service unavailability or restart loops.\\\",\\n \\\"Review firewall and WAF logs for connection attempts with crafted TLS parameters targeting internal systems.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00467 (percentile: 0.63616)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - mbed TLS is embedded in numerous IoT devices, network equipment, and software libraries, creating supply chain exposure.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory link\\\", \\\"Exploit code availability confirmation\\\", \\\"CISA KEV status\\\", \\\"Specific affected product versions beyond CPE ranges\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy between sources (0.4700 vs 0.00467) - using most recent EPSS value\\\", \\\"Limited detail on Debian package-specific versions affected\\\"],\\n \\\"assumptions_made\\\": [\\\"Buffer over-read classification as CWE-126 based on description\\\", \\\"DoS impact limited to crash without code execution based on vendor description\\\", \\\"Moderate exploitation likelihood inferred from CVSS metrics and EPSS\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details and affected versions are clear, but exploitation evidence and specific impact scope require additional vendor documentation.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"80\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-9989\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-9989\\\",\\n \\\"title\\\": \\\"ARM mbed TLS Buffer Over-read in ssl_parse_server_psk_hint()\\\",\\n \\\"short_description\\\": \\\"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to cause denial of service (crash) via network-sourced invalid input. While it does not directly enable code execution or data exfiltration, it affects a core TLS library used in embedded systems and servers, potentially disrupting secure communications and service availability.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-126\\\"],\\n \\\"weakness_summary\\\": \\\"Buffer over-read in TLS PSK hint parsing function leading to application crash.\\\",\\n \\\"attack_surface\\\": \\\"Network-exposed TLS service endpoints using mbed TLS with PSK cipher suites enabled.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitable over network without authentication; low complexity but limited to denial of service impact.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"No public proof-of-concept references in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score due to availability impact on network-accessible services, but limited to DoS rather than code execution. Priority driven by exposure of affected TLS services and business criticality.\\\",\\n \\\"recommended_sla\\\": \\\"30-60 days depending on exposure and compensating controls\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (service crash); Confidentiality/Integrity: None\\\",\\n \\\"technical_impact_details\\\": \\\"Remote unauthenticated attacker can trigger buffer over-read in PSK hint parsing, causing application termination and service disruption.\\\",\\n \\\"blast_radius\\\": \\\"All mbed TLS instances with PSK cipher suites enabled and exposed to network input; embedded devices and servers using affected versions.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"DoS impact on critical services could disrupt operations, but no data compromise risk. Risk elevated if used in internet-facing or high-availability systems without redundancy.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\", \\\"Debian Linux 8.0\\\", \\\"Debian Linux 9.0\\\"],\\n \\\"affected_versions\\\": \\\"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0; Debian 8.0 and 9.0 distributions\\\",\\n \\\"fixed_versions\\\": \\\"ARM mbed TLS 2.1.11, 2.7.2, 2.8.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires PSK cipher suites to be enabled and network-accessible TLS service endpoints.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical if mbed TLS services are internet-facing; moderate for internal network exposure.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote DoS via Malformed PSK Hint\\\",\\n \\\"attacker_goal\\\": \\\"Cause service disruption by crashing TLS service\\\",\\n \\\"steps_high_level\\\": [\\\"Craft malformed TLS handshake with invalid PSK hint\\\", \\\"Send to vulnerable mbed TLS service endpoint\\\", \\\"Trigger buffer over-read and application crash\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing embedded devices, IoT gateways, or servers using mbed TLS with PSK authentication\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Internal Network Service Disruption\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt internal secure communication channels\\\",\\n \\\"steps_high_level\\\": [\\\"Identify internal services using mbed TLS with PSK\\\", \\\"Send crafted packets to vulnerable service\\\", \\\"Cause repeated crashes to maintain service unavailability\\\"],\\n \\\"likely_targets\\\": \\\"Internal network devices, industrial control systems, or embedded appliances using affected mbed TLS versions\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Update mbed TLS to version 2.1.11, 2.7.2, or 2.8.0+ immediately for all affected systems.\\\",\\n \\\"Disable PSK cipher suites if not required for operational functionality to reduce attack surface.\\\",\\n \\\"Implement network segmentation and access controls to limit exposure of mbed TLS services to untrusted networks.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable PSK cipher suites if not needed; implement rate limiting and connection throttling to reduce impact of repeated attack attempts.\\\",\\n \\\"patching_notes\\\": \\\"Apply vendor-provided patches; test in non-production environment first; coordinate with change management for critical systems.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify mbed TLS version is 2.1.11+ or 2.7.2+ or 2.8.0+ using version query commands or library inspection.\\\",\\n \\\"Confirm PSK cipher suite configuration matches security hardening requirements.\\\",\\n \\\"Test TLS service functionality post-patch to ensure no regression in secure communication capabilities.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous mbed TLS library versions and configuration files; document rollback procedures for emergency scenarios.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected process crashes or service restarts of applications using mbed TLS.\\\",\\n \\\"Search network logs for malformed TLS handshake patterns or repeated connection attempts to PSK-enabled services.\\\",\\n \\\"Deploy IDS/IPS rules to detect and block crafted TLS packets targeting PSK hint parsing.\\\",\\n \\\"Hunt for anomalous network traffic patterns to mbed TLS service ports from untrusted sources.\\\",\\n \\\"Review system logs for error messages related to buffer over-read or memory access violations in TLS parsing functions.\\\",\\n \\\"Correlate availability monitoring alerts with network traffic spikes to identify potential DoS attempts.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00467\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects embedded systems and Linux distributions; potential cascading impact on devices using vulnerable TLS library\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges for Debian distributions\\\", \\\"Vendor-specific advisory links\\\", \\\"Exploit maturity assessment\\\", \\\"CISA KEV status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: 0.4700 vs 0.00467 - using 0.00467 as it's from dedicated EPSS source with recent date\\\", \\\"Limited information on specific conditions required to trigger vulnerability\\\"],\\n \\\"assumptions_made\\\": [\\\"PSK cipher suites must be enabled for vulnerability exposure\\\", \\\"No evidence of active exploitation assumed from absence of KEV or PoC references\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details and affected versions are clear, but limited exploit intelligence and configuration specifics reduce confidence in blast radius assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"82\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-18222\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-18222\\\",\\n \\\"title\\\": \\\"Arm Mbed TLS/Crypto ECDSA Side-Channel Information Leak\\\",\\n \\\"short_description\\\": \\\"The ECDSA signature implementation in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, allowing a local attacker to recover the private key via side-channel attacks.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an attacker with local access to recover ECDSA private keys through side-channel analysis, leading to complete compromise of cryptographic identity and trust. It undermines the confidentiality of private keys used for authentication, code signing, and secure communication channels. While exploitation requires local access and precise timing measurements, successful key recovery breaks the fundamental security guarantees of ECDSA and can enable persistent access, impersonation, or decryption of captured traffic.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"4.7\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"The implementation flaw creates a timing side-channel during ECDSA signature generation where the blinded scalar is not properly reduced before inversion, leaking information about the private key through measurable timing differences.\\\",\\n \\\"attack_surface\\\": \\\"Local cryptographic operations using ECDSA signatures in affected Mbed TLS/Mbed Crypto versions; requires ability to measure timing of signature operations.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires local access with low privileges and high attack complexity to perform precise timing measurements and statistical analysis to recover private keys.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score indicates low exploitation likelihood (0.00079)\\\", \\\"Side-channel attack requires specialized measurement capabilities\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No (local access required)\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low (local user access)\\\",\\n \\\"attack_complexity\\\": \\\"High (requires precise timing measurements and statistical analysis)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity side-channel vulnerability requiring local access and high technical complexity for exploitation. While the impact of private key recovery is severe, the attack prerequisites and complexity limit immediate risk. Priority should be given to patching in environments with shared systems, multi-tenant architectures, or where timing measurements are feasible.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for standard deployments; 30 days for high-risk environments with shared access or cryptographic workloads\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact (private key recovery), no integrity or availability impact\\\",\\n \\\"technical_impact_details\\\": \\\"Complete compromise of ECDSA private keys used in affected implementations. Attackers can forge signatures, impersonate legitimate entities, decrypt captured communications, or establish persistent unauthorized access using stolen cryptographic credentials.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems running affected Mbed TLS/Mbed Crypto versions with ECDSA usage. Impact extends to all services and communications protected by compromised keys. Supply chain effects possible if keys are used across multiple systems.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to high technical complexity reducing likelihood, but severe impact if exploited. Risk increases in shared hosting environments, cloud deployments, or systems processing sensitive cryptographic operations where timing measurements are feasible. Organizations using ECDSA for critical authentication or signing operations face elevated risk.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed Crypto\\\", \\\"Arm Mbed TLS\\\", \\\"Fedora 30\\\", \\\"Fedora 31\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed Crypto 2.1; Mbed TLS through 2.19.1; Fedora 30, 31; Debian 10.0\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"ECDSA signature functionality must be enabled and actively used. Systems not utilizing ECDSA signatures are not vulnerable.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Indirect relevance - while attack requires local access, compromised keys from internet-facing systems could enable broader network compromise. Internal systems using ECDSA for authentication or secure communications are also at risk.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Shared Hosting Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Recover private keys from co-located services to impersonate legitimate services or decrypt traffic\\\",\\n \\\"steps_high_level\\\": [\\\"Gain low-privilege access to shared hosting environment\\\", \\\"Execute timing measurement tools to observe ECDSA signature operations\\\", \\\"Perform statistical analysis to recover private key bits\\\", \\\"Use recovered key to forge signatures or decrypt captured communications\\\"],\\n \\\"likely_targets\\\": \\\"Cloud services, shared hosting platforms, multi-tenant systems running affected Mbed TLS versions\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain Compromise via Developer Systems\\\",\\n \\\"attacker_goal\\\": \\\"Extract signing keys from development/build systems to compromise software supply chain\\\",\\n \\\"steps_high_level\\\": [\\\"Compromise developer workstation or build server with low privileges\\\", \\\"Monitor ECDSA signing operations during build/package processes\\\", \\\"Recover code signing private key through side-channel analysis\\\", \\\"Use compromised key to sign malicious updates or packages\\\"],\\n \\\"likely_targets\\\": \\\"Development environments, CI/CD pipelines, code signing infrastructure using affected cryptographic libraries\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.19.1 or later and Mbed Crypto beyond 2.1 to address the side-channel vulnerability.\\\", \\\"Implement strict access controls to limit local access to systems performing cryptographic operations and reduce attack surface.\\\", \\\"Deploy monitoring for unusual timing measurement tools or processes on systems handling cryptographic operations.\\\"],\\n \\\"workarounds\\\": \\\"Disable ECDSA signature functionality if not required; use alternative cryptographic algorithms (RSA) where feasible; implement process isolation to prevent timing measurements; use dedicated cryptographic hardware modules.\\\",\\n \\\"patching_notes\\\": \\\"Verify that patched versions properly reduce the blinded scalar before computing the inverse in ECDSA operations. Test cryptographic functionality after patching to ensure compatibility.\\\",\\n \\\"verification_steps\\\": [\\\"Confirm Mbed TLS/Mbed Crypto versions are updated beyond vulnerable releases\\\", \\\"Verify ECDSA signature operations function correctly post-patch\\\", \\\"Review access controls and monitoring for systems performing cryptographic operations\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of cryptographic keys and configurations before patching. Test rollback procedures in non-production environments to ensure business continuity if patch causes compatibility issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for timing measurement tools (perf, rdtsc, timing attacks) on systems using Mbed TLS\\\",\\n \\\"Alert on unusual process monitoring of cryptographic operations or key material access\\\",\\n \\\"Hunt for statistical analysis tools or custom scripts performing timing measurements\\\",\\n \\\"Detect anomalous ECDSA signature patterns or repeated signature operations from single sources\\\",\\n \\\"Monitor for unauthorized use of recovered keys (signature verification failures, unexpected key usage)\\\",\\n \\\"Implement entropy and timing anomaly detection for cryptographic operations\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00079\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - vulnerability in cryptographic library used across multiple products and distributions (Fedora, Debian). Compromised keys could enable supply chain attacks through signed malicious updates or packages.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions not specified\\\", \\\"Detailed vendor advisory links missing\\\", \\\"No CISA KEV status information\\\", \\\"Limited exploit technical details\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy: 0.0800 vs 0.00079 - using 0.00079 as it's from dedicated EPSS source\\\", \\\"Affected products list includes operating systems but primary vulnerability is in cryptographic library\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'through 2.19.1' means versions up to and including 2.19.1 are vulnerable\\\", \\\"Interpreted local access as requiring ability to execute code and measure timing\\\", \\\"Assumed ECDSA functionality must be actively used for vulnerability to be exploitable\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but missing patch information and exploit specifics limit complete assessment. CVSS metrics and EPSS scores provide reasonable confidence in exploitability assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3GWQNONS7GRORXZJ7MOJFUEJ2ZJ4OUW/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"48\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-13081\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-13081\\\",\\n \\\"title\\\": \\\"WPA2 Group Key Handshake IGTK Reinstallation Vulnerability\\\",\\n \\\"short_description\\\": \\\"Wi-Fi Protected Access (WPA and WPA2) implementations supporting IEEE 802.11w are vulnerable to Integrity Group Temporal Key (IGTK) reinstallation during the group key handshake, enabling attackers within radio range to spoof frames from access points to clients.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an attacker within radio range to spoof management frames from an access point to clients, potentially leading to denial of service, client disconnection, or manipulation of group-addressed traffic. It is part of the KRACK (Key Reinstallation Attack) family and affects a wide range of Wi-Fi implementations across operating systems and embedded devices, undermining the cryptographic integrity assurances of WPA2.\\\",\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-323\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability stems from improper handling of the group key handshake, specifically allowing reinstallation of the IGTK. This breaks the forward secrecy guarantee and enables replay or injection of group-addressed frames.\\\",\\n \\\"attack_surface\\\": \\\"Wireless networks using WPA/WPA2 with IEEE 802.11w (management frame protection) enabled. Attackers must be within radio range to intercept and manipulate handshake messages.\\\"\\n },\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"Public proof-of-concept tools for KRACK attacks exist, demonstrating practical exploitation. The attack requires proximity to the target network and the ability to capture and replay handshake messages.\\\",\\n \\\"evidence_signals\\\": [\\\"Public PoC tools for KRACK attacks are widely available.\\\", \\\"CVSS 3.0 vector indicates adjacent network access and high attack complexity.\\\", \\\"No explicit evidence of active in-the-wild exploitation in the input data.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (wireless radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"While the vulnerability has a public PoC and affects core Wi-Fi security, the CVSS score is medium (5.3), attack complexity is high, and no active exploitation is reported. It requires physical proximity and does not directly lead to code execution or data exfiltration. Prioritize patching during regular maintenance cycles, focusing on internet-facing or high-sensitivity environments first.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 90 days for general assets; 30 days for critical or internet-facing wireless infrastructure.\\\"\\n },\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity impact is high (I:H), with no confidentiality or availability impact per CVSS. Attackers can spoof group-addressed frames, potentially causing client disconnections or injecting malicious content into group traffic.\\\",\\n \\\"technical_impact_details\\\": \\\"The reinstallation of IGTK allows an attacker to replay or forge group-addressed frames (e.g., ARP, DHCP, or other multicast/broadcast traffic). This could be leveraged for denial of service (deauthentication), session hijacking, or man-in-the-middle attacks against group communications.\\\",\\n \\\"blast_radius\\\": \\\"All wireless clients and access points using WPA/WPA2 with 802.11w support are potentially affected. The impact is localized to the wireless segment but can affect all devices connected to the same SSID.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"The vulnerability poses a moderate business risk due to the need for physical proximity, high attack complexity, and lack of direct data exfiltration. However, it can disrupt wireless services, impact productivity, and be combined with other attacks to escalate privileges or cause operational disruption.\\\"\\n },\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Ubuntu Linux\\\", \\\"Debian Linux\\\", \\\"FreeBSD\\\", \\\"Red Hat Enterprise Linux\\\", \\\"SUSE Linux Enterprise\\\", \\\"OpenSUSE Leap\\\"],\\n \\\"affected_versions\\\": \\\"Multiple versions of hostapd and wpa_supplicant up to 2.6; various OS versions including Ubuntu 14.04/16.04/17.04, Debian 8.0/9.0, FreeBSD 10/11, RHEL 7, SUSE Linux Enterprise 11/12, OpenSUSE Leap 42.2/42.3.\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires WPA/WPA2 with IEEE 802.11w (management frame protection) support. Not all implementations or configurations may be vulnerable; check vendor advisories for specific details.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Wireless networks with internet-facing access points or guest networks are at higher risk due to increased attacker proximity potential. Internal corporate wireless networks are also affected if attackers gain physical access.\\\"\\n },\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Wireless Client Disruption\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt wireless connectivity for targeted clients or entire network segments.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker within radio range captures group key handshake messages.\\\", \\\"Attacker replays or manipulates handshake to force IGTK reinstallation.\\\", \\\"Attacker forges deauthentication or disassociation frames using the compromised IGTK.\\\", \\\"Targeted clients are forcibly disconnected from the network.\\\"],\\n \\\"likely_targets\\\": \\\"Corporate wireless networks, public Wi-Fi hotspots, IoT devices relying on wireless connectivity.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Group Traffic Manipulation\\\",\\n \\\"attacker_goal\\\": \\\"Inject malicious content into group-addressed traffic to compromise clients or escalate attacks.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker compromises IGTK through handshake manipulation.\\\", \\\"Attacker forges group-addressed frames (e.g., ARP spoofing, rogue DHCP responses).\\\", \\\"Malicious frames are accepted by clients due to valid IGTK integrity check.\\\", \\\"Clients process malicious traffic, potentially leading to further exploitation (e.g., MITM).\\\"],\\n \\\"likely_targets\\\": \\\"Networks with sensitive multicast/broadcast applications, IoT devices, or environments where group traffic is trusted.\\\"\\n }\\n ],\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided patches for hostapd, wpa_supplicant, and operating system Wi-Fi drivers to prevent IGTK reinstallation.\\\",\\n \\\"Disable IEEE 802.11w management frame protection if not required, though this may reduce security; prefer patching over disabling.\\\",\\n \\\"Implement network segmentation and monitoring to detect anomalous wireless activity, such as repeated deauthentications or forged frames.\\\"\\n ],\\n \\\"workarounds\\\": \\\"If patching is not immediately feasible, consider temporarily disabling 802.11w (if supported) or restricting physical access to wireless networks. However, these are not recommended long-term solutions.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with change control processes, ensuring compatibility with existing wireless infrastructure. Test patches in a non-production environment first. Prioritize access points and clients in high-risk areas.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify patch installation by checking hostapd/wpa_supplicant versions against vendor advisories.\\\",\\n \\\"Conduct wireless penetration testing to confirm the vulnerability is mitigated.\\\",\\n \\\"Monitor wireless logs for signs of attempted KRACK attacks or anomalous frame patterns.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Ensure backup configurations are available before patching. If issues arise, rollback to previous versions and implement temporary mitigations while investigating.\\\"\\n },\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor wireless logs for repeated group key handshake failures or anomalies.\\\",\\n \\\"Use wireless intrusion detection systems (WIDS) to detect KRACK attack patterns, such as replayed handshake messages.\\\",\\n \\\"Analyze network traffic for unexpected deauthentication or disassociation frames from access points.\\\",\\n \\\"Hunt for clients experiencing frequent disconnections or connectivity issues that may indicate active exploitation.\\\",\\n \\\"Correlate wireless events with endpoint logs to identify potential IGTK reinstallation attempts.\\\",\\n \\\"Deploy honeypot access points to attract and detect attackers attempting KRACK exploits.\\\"\\n ],\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Public PoC tools for KRACK attacks are available, but specific references are not provided in the input data.\\\",\\n \\\"epss\\\": \\\"0.00257\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Affects multiple operating systems and embedded devices, making it a supply chain concern for IoT and network infrastructure vendors.\\\"\\n },\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Vendor advisory links\\\", \\\"CISA KEV status\\\", \\\"Explicit evidence of in-the-wild exploitation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: EUVD reports 0.2500, while EPSS source reports 0.00257. Using EPSS source value as authoritative.\\\", \\\"Severity label 'MEDIUM' conflicts with potential high impact of KRACK attacks; however, CVSS score of 5.3 aligns with medium.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed that public PoC tools for KRACK attacks are applicable to this specific IGTK vulnerability.\\\", \\\"Assumed that patching will fully mitigate the vulnerability, though some configurations may require additional measures.\\\"],\\n \\\"confidence\\\": \\\"Medium - Input data lacks explicit exploitation evidence and fixed versions, but provides sufficient CVSS and affected product details for triage.\\\"\\n },\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\\\",\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\\\"\\n ],\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"112\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-28836\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-28836\\\",\\n \\\"title\\\": \\\"Mbed TLS Server-Side TLS Version Negotiation Infinite Loop DoS\\\",\\n \\\"short_description\\\": \\\"Mbed TLS 3.5.x before 3.6.0 contains a server-side TLS version negotiation flaw. When TLS 1.2 is disabled (build-time or runtime), a TLS 1.2 client can trigger an infinite loop processing a TLS 1.2 ClientHello, causing denial of service. If disabled at runtime, a TLS 1.2 client may successfully establish a TLS 1.2 connection contrary to configuration intent.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated network attackers to cause persistent DoS against TLS 1.3-only servers by exhausting CPU resources through infinite loop conditions. The runtime disable bypass undermines security posture enforcement, potentially allowing downgrade to weaker TLS versions. Given Mbed TLS's embedded/IoT deployment footprint, this could affect availability of constrained devices with limited watchdog/recovery mechanisms.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.4\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-835\\\"],\\n \\\"weakness_summary\\\": \\\"Loop with Unreachable Exit Condition (Infinite Loop) in TLS version negotiation logic when TLS 1.2 implementation is disabled but ClientHello processing continues.\\\",\\n \\\"attack_surface\\\": \\\"TLS server-side version negotiation; specifically the ClientHello message processing path in Mbed TLS library.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires network access to TLS server and ability to send crafted TLS 1.2 ClientHello. No authentication or user interaction needed. Attack complexity is low, but impact is primarily availability (DoS) with minor confidentiality/integrity implications.\\\",\\n \\\"evidence_signals\\\": [\\\"EPSS score 0.00331 (0.55 percentile) suggests low observed exploitation as of 2025-11-23\\\", \\\"No CISA KEV or public PoC references in input data\\\", \\\"Vendor advisory published 2024-04-03 with fix in Mbed TLS 3.6.0\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - remote attacker must reach TLS server endpoint\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low (CVSS:PR:L) - may require ability to initiate TLS handshake\\\",\\n \\\"attack_complexity\\\": \\\"Low (CVSS:AC:L) - straightforward packet crafting\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS with low attack complexity but limited impact scope (availability only for affected configurations). EPSS suggests low real-world exploitation. Priority driven by potential service disruption in TLS 1.3-only deployments with disabled TLS 1.2 implementations.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 90 days; apply sooner if Mbed TLS servers are internet-facing or in critical availability zones.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact (High) with minor Confidentiality/Integrity implications due to potential runtime disable bypass.\\\",\\n \\\"technical_impact_details\\\": \\\"Infinite loop consumes 100% CPU on affected server thread/core, causing complete DoS for TLS service. If TLS 1.2 disabled at runtime, successful downgrade undermines security posture. No direct code execution or information disclosure.\\\",\\n \\\"blast_radius\\\": \\\"Limited to Mbed TLS 3.5.x deployments with TLS 1.2 disabled. Embedded/IoT devices may lack automatic recovery mechanisms, extending outage duration. Single client can trigger DoS affecting all users of targeted service.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk: DoS impact is significant for availability-critical services, but exploitation requires specific configuration (TLS 1.2 disabled) and affects only Mbed TLS 3.5.x versions. Low EPSS and no active exploitation reports reduce immediate threat. Risk elevated for internet-facing services and embedded devices with limited monitoring.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"3.5.x versions before 3.6.0\\\",\\n \\\"fixed_versions\\\": \\\"3.6.0\\\",\\n \\\"configuration_dependencies\\\": \\\"Vulnerability manifests when TLS 1.2 implementation is disabled at build time (infinite loop DoS) or runtime (bypass + potential DoS).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing TLS endpoints using Mbed TLS 3.5.x with TLS 1.2 disabled. Internal services with network access also vulnerable to authenticated attackers.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"DoS Against TLS 1.3-Only Server\\\",\\n \\\"attacker_goal\\\": \\\"Cause service unavailability by exhausting server CPU resources\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target server running Mbed TLS 3.5.x with TLS 1.2 disabled\\\", \\\"Craft TLS 1.2 ClientHello message with valid but unexpected version fields\\\", \\\"Send crafted packet to target server's TLS port\\\", \\\"Observe infinite loop consuming CPU; service becomes unresponsive\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing HTTPS servers, IoT devices, embedded systems using Mbed TLS with TLS 1.2 disabled\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"TLS Version Downgrade Bypass\\\",\\n \\\"attacker_goal\\\": \\\"Establish TLS 1.2 connection despite runtime disable configuration\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target server with TLS 1.2 disabled at runtime (not build time)\\\", \\\"Initiate standard TLS 1.2 handshake with target server\\\", \\\"Server incorrectly processes ClientHello and negotiates TLS 1.2\\\", \\\"Attacker achieves connection using weaker TLS version contrary to security policy\\\"],\\n \\\"likely_targets\\\": \\\"Security-conscious organizations enforcing TLS 1.3-only policies on Mbed TLS servers\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 3.6.0 or later immediately, especially for internet-facing endpoints.\\\",\\n \\\"Implement rate limiting and connection throttling on TLS handshake processing to reduce DoS impact.\\\",\\n \\\"Deploy network-based DoS protection (WAF, IPS, or DDoS mitigation) to filter malicious TLS handshakes before reaching Mbed TLS servers.\\\"\\n ],\\n \\\"workarounds\\\": \\\"If immediate patching is not feasible, consider temporarily re-enabling TLS 1.2 at runtime (not recommended due to security posture degradation) or implementing external watchdog mechanisms to restart affected services.\\\",\\n \\\"patching_notes\\\": \\\"Mbed TLS 3.6.0 contains the complete fix. Verify that TLS 1.2 disable functionality works as intended post-upgrade. Test TLS version negotiation thoroughly in staging environment before production deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm Mbed TLS version is 3.6.0 or later using library version APIs or package management queries.\\\",\\n \\\"Test TLS 1.2 disable functionality by attempting TLS 1.2 handshake and verifying proper rejection.\\\",\\n \\\"Monitor CPU utilization and TLS handshake success rates for anomalies indicating exploitation attempts.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain previous Mbed TLS version binaries and configuration backups. If patch introduces compatibility issues, rollback may be necessary with increased monitoring for DoS attempts.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor CPU utilization spikes (>90% sustained) on Mbed TLS server processes, particularly single-threaded scenarios.\\\",\\n \\\"Alert on repeated TLS handshake failures or incomplete handshakes from single IP addresses targeting TLS 1.3-only ports.\\\",\\n \\\"Hunt for network traffic showing TLS 1.2 ClientHello messages sent to servers configured for TLS 1.3-only operation.\\\",\\n \\\"Correlate TLS version negotiation logs with server availability metrics to identify potential DoS conditions.\\\",\\n \\\"Implement synthetic monitoring to periodically test TLS version negotiation from external vantage points.\\\",\\n \\\"Search for anomalous TLS handshake patterns in packet captures, focusing on ClientHello message structure and version fields.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00331 (percentile: 0.55451) as of 2025-11-23\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Mbed TLS is widely used in embedded systems, IoT devices, and as a cryptographic library dependency. Vulnerable versions in supply chain could affect multiple downstream products.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges beyond '3.5.x before 3.6.0'\\\", \\\"Specific build-time configuration requirements\\\", \\\"Vendor statements on exploitation status\\\", \\\"CISA KEV status\\\", \\\"Detailed CPE version matching rules\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS vector shows PR:L (Low privileges) but description suggests unauthenticated attack possible\\\", \\\"Description mentions both infinite loop DoS and successful TLS 1.2 connection establishment - clarification needed on which condition applies when\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'Low privileges required' in CVSS refers to ability to initiate TLS handshake\\\", \\\"Interpreted 'TLS 1.2 client' as any client capable of sending TLS 1.2 ClientHello\\\", \\\"Assumed infinite loop affects single thread/core based on typical TLS server architecture\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed through vendor advisory and CVE description, but some technical specifics (exact trigger conditions, CPU impact scope) require additional documentation.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"96\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-24119\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-24119\\\",\\n \\\"title\\\": \\\"Mbed TLS 2.24.0 Side-Channel Information Leak in Base64 PEM Decoding\\\",\\n \\\"short_description\\\": \\\"A side-channel vulnerability in Mbed TLS 2.24.0 base64 PEM file decoding allows system-level attackers to obtain information about secret RSA keys via controlled-channel and side-channel attacks, especially in isolated environments like Intel SGX.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers with system-level access to extract RSA private key material through side-channel observation of base64 PEM decoding operations. It is particularly relevant for applications running in trusted execution environments (e.g., Intel SGX) where cryptographic operations are expected to remain protected. The attack requires administrator privileges but can compromise the confidentiality of private keys without direct memory access.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"4.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Side-channel information leak through timing or power analysis during base64 decoding of PEM files containing RSA private keys.\\\",\\n \\\"attack_surface\\\": \\\"Base64 PEM file decoding operations in Mbed TLS cryptographic library, particularly exposed in Intel SGX or similar isolated execution environments.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires system-level access and specialized side-channel measurement capabilities. No public exploit code is mentioned in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation\\\", \\\"No public PoC references in input data\\\", \\\"EPSS score suggests moderate exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network (AV:N)\\\",\\n \\\"authentication_required\\\": \\\"High privileges (administrator/system-level)\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"High (PR:H)\\\",\\n \\\"attack_complexity\\\": \\\"Low (AC:L)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity with high-privilege requirements limits immediate risk, but side-channel attacks on cryptographic keys warrant systematic patching in environments using Mbed TLS, especially those leveraging trusted execution environments.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general deployments; 30 days for SGX/trusted execution environments\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality (High) / Integrity (None) / Availability (None)\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows extraction of RSA private key material through side-channel observation, potentially compromising TLS sessions, code signing, or authentication mechanisms that rely on the affected keys.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems running Mbed TLS 2.24.0 with base64 PEM decoding operations, particularly those in Intel SGX environments. Risk extends to any services or applications using compromised keys.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to high-privilege requirements and specialized attack scenario, but potential for key compromise in security-sensitive environments (SGX, cryptographic services) elevates concern. Organizations using trusted execution environments face higher risk.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM Mbed TLS\\\", \\\"Fedora 33\\\", \\\"Fedora 34\\\", \\\"Debian Linux 9.0\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS 2.24.0\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires base64 PEM file decoding operations, particularly in Intel SGX or similar isolated execution environments.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Systems with internet-facing services using Mbed TLS for TLS termination or cryptographic operations may be indirectly affected if keys are compromised through this side-channel.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"SGX Environment Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Extract RSA private keys from within Intel SGX enclaves\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains system-level access to host running SGX enclave\\\", \\\"Monitor side-channel signals during base64 PEM decoding operations\\\", \\\"Analyze timing/power patterns to reconstruct RSA key material\\\"],\\n \\\"likely_targets\\\": \\\"Cloud service providers using SGX for key management, secure enclave applications processing PEM files\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Administrative Privilege Escalation to Key Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Compromise cryptographic keys after achieving administrative access\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker achieves system-level privileges on target system\\\", \\\"Deploy side-channel measurement tools targeting Mbed TLS PEM decoding\\\", \\\"Exfiltrate reconstructed key material for later use\\\"],\\n \\\"likely_targets\\\": \\\"Systems with Mbed TLS 2.24.0 where administrators are not fully trusted, multi-tenant environments\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to a version that addresses the side-channel vulnerability in base64 PEM decoding.\\\",\\n \\\"Implement constant-time base64 decoding implementations or disable vulnerable code paths in environments where side-channel resistance is critical.\\\",\\n \\\"Apply principle of least privilege to limit system-level access to systems running Mbed TLS cryptographic operations.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Check ARM Mbed TLS releases for fixes addressing CVE-2021-24119. Verify that patched versions maintain constant-time properties during PEM decoding operations.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version is upgraded beyond 2.24.0 or includes specific CVE-2021-24119 fix.\\\",\\n \\\"Test base64 PEM decoding operations for constant-time behavior using timing analysis tools.\\\",\\n \\\"Review and audit access controls for systems running Mbed TLS to ensure administrator privileges are appropriately restricted.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Ensure cryptographic operations remain functional after patching. Test TLS handshakes and certificate operations to verify compatibility.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual system-level access patterns or privilege escalation attempts on systems running Mbed TLS.\\\",\\n \\\"Implement EDR/SIEM rules to detect side-channel measurement tools or suspicious process behavior during PEM file operations.\\\",\\n \\\"Use timing analysis tools to detect potential side-channel leaks in base64 decoding operations.\\\",\\n \\\"Audit access logs for administrative sessions on systems processing PEM files with private keys.\\\",\\n \\\"Hunt for anomalous network connections originating from systems after PEM file processing that might indicate key exfiltration.\\\",\\n \\\"Monitor for unexpected cryptographic operations or certificate usage that could indicate compromised keys.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00258 (percentile: 0.48888)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Mbed TLS is a widely used cryptographic library; vulnerability could affect downstream applications and services relying on it for TLS/crypto operations.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Detailed vendor advisory\\\", \\\"CISA KEV status\\\", \\\"Public exploit availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores differ between sources (0.3400 vs 0.00258); using 0.00258 as it appears to be the more recent EPSS score\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed Intel SGX environments are primary concern based on description\\\", \\\"Interpreted 'system-level attackers' as requiring administrator privileges\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but missing information on fixed versions and exploit availability limits comprehensive assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/releases\\\",\\n \\\"https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"94\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-36477\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-36477\\\",\\n \\\"title\\\": \\\"Mbed TLS X.509 Certificate Name Matching Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS before 2.24.0 mishandles X.509 certificate verification when matching the expected common name with the actual certificate name. When the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type, allowing an attacker to impersonate a domain by obtaining a certificate for a corresponding IPv4 or IPv6 address.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability undermines the trust model of X.509 certificate validation in Mbed TLS, a widely used cryptographic library. It allows attackers to potentially impersonate legitimate domains using certificates issued for IP addresses, bypassing proper hostname verification. This could lead to man-in-the-middle attacks, unauthorized access to sensitive services, and compromise of encrypted communications in applications relying on Mbed TLS for TLS/SSL functionality.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-295\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Certificate Validation - The certificate verification process fails to properly distinguish between different name types in the subjectAltName extension, allowing IP address certificates to validate against domain name expectations.\\\",\\n \\\"attack_surface\\\": \\\"TLS/SSL certificate validation routines in applications using Mbed TLS library for secure communications, affecting both client and server components that perform certificate verification.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires an attacker to obtain a valid certificate for an IP address that corresponds to the target domain, with moderate attack complexity due to the need for certificate procurement and network positioning.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of active exploitation found in input data\\\", \\\"EPSS score indicates low exploitation likelihood\\\", \\\"Medium CVSS exploitability metrics\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - attacker must be able to intercept or redirect network traffic\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High - requires obtaining certificates and network positioning\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity vulnerability with high attack complexity and no evidence of active exploitation. The vulnerability affects certificate validation but requires significant attacker effort and positioning to exploit. Priority should be given to inventorying affected Mbed TLS deployments and planning updates during regular maintenance cycles.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for assessment and patching in non-critical systems; 30 days for internet-facing or high-risk deployments\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity impact (High) - No confidentiality or availability impact. The vulnerability allows attackers to impersonate legitimate domains, potentially leading to unauthorized access and data manipulation.\\\",\\n \\\"technical_impact_details\\\": \\\"When exploited, this vulnerability allows an attacker to present a certificate for an IP address that will be accepted as valid for a domain name, breaking the intended hostname verification. This could enable man-in-the-middle attacks where the client incorrectly validates the server certificate, or vice versa.\\\",\\n \\\"blast_radius\\\": \\\"Moderate - affects all applications using vulnerable versions of Mbed TLS for certificate verification. Impact scope depends on deployment patterns: internet-facing services, client applications making outbound TLS connections, and embedded systems using Mbed TLS are all potentially affected.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to the potential for authentication bypass and man-in-the-middle attacks, but mitigated by high attack complexity and the need for certificate authority cooperation. Risk increases for organizations with strict regulatory compliance requirements (PCI-DSS, HIPAA) or those operating critical infrastructure where certificate validation is paramount.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"All versions before 2.24.0\\\",\\n \\\"fixed_versions\\\": \\\"2.24.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Affects deployments where certificate verification is performed using mbedtls_x509_crt_verify function with hostname validation. Both client and server implementations may be vulnerable depending on certificate validation configuration.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing services and client applications making outbound connections to external services. Internal services may also be affected if certificate validation is used for service-to-service authentication.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Domain Impersonation via IP Certificate\\\",\\n \\\"attacker_goal\\\": \\\"Impersonate a legitimate domain to intercept encrypted communications or gain unauthorized access\\\",\\n \\\"steps_high_level\\\": [\\\"Obtain a valid certificate for an IP address that corresponds to the target domain's IP\\\", \\\"Position attacker infrastructure to intercept or redirect traffic between client and legitimate server\\\", \\\"Present the IP certificate when clients attempt to connect to the domain\\\", \\\"Exploit the certificate validation flaw to have the IP certificate accepted as valid for the domain\\\"],\\n \\\"likely_targets\\\": \\\"Applications making TLS connections to external APIs, mobile applications with certificate pinning, embedded devices using Mbed TLS for secure communications\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Man-in-the-Middle Against Mbed TLS Clients\\\",\\n \\\"attacker_goal\\\": \\\"Intercept and potentially modify encrypted communications between legitimate clients and servers\\\",\\n \\\"steps_high_level\\\": [\\\"Set up a malicious proxy server using a certificate for an IP address\\\", \\\"Redirect client traffic to the malicious proxy through DNS manipulation or network-level redirection\\\", \\\"Exploit the certificate validation vulnerability to make clients accept the IP certificate\\\", \\\"Capture and potentially modify communications between the legitimate client and target server\\\"],\\n \\\"likely_targets\\\": \\\"Client applications, IoT devices, and embedded systems using vulnerable Mbed TLS versions for outbound TLS connections\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.24.0 or later in all affected deployments and applications.\\\",\\n \\\"Audit certificate validation configurations to ensure proper hostname verification is enabled and functioning correctly.\\\",\\n \\\"Implement additional certificate validation checks in applications, such as certificate pinning or additional hostname validation logic.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Implement application-level hostname validation that explicitly checks the subjectAltName extension types and ensures domain names are only matched against DNS name entries, not IP addresses.\\\",\\n \\\"patching_notes\\\": \\\"The fix in Mbed TLS 2.24.0 properly distinguishes between different subjectAltName types during certificate verification. Organizations should test the update in non-production environments first, especially if using custom certificate validation logic or certificate pinning implementations.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version is 2.24.0 or later using the MBEDTLS_VERSION_STRING macro or library version checking functions.\\\",\\n \\\"Test certificate validation with test certificates containing both domain names and IP addresses in subjectAltName extensions.\\\",\\n \\\"Validate that applications properly reject certificates where IP addresses are presented for domain name validation scenarios.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of previous Mbed TLS versions and application binaries. Test rollback procedures to ensure compatibility with existing certificate infrastructure and validation logic.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for certificates with IP addresses in subjectAltName extensions being accepted for domain name validation\\\",\\n \\\"Alert on certificate validation failures or warnings in Mbed TLS applications that might indicate exploitation attempts\\\",\\n \\\"Hunt for network traffic patterns showing unexpected certificate chains or hostname mismatches in TLS connections\\\",\\n \\\"Implement certificate transparency log monitoring to detect suspicious certificates issued for IP addresses corresponding to organizational domains\\\",\\n \\\"Monitor for DNS manipulation or network redirection that could facilitate man-in-the-middle attacks\\\",\\n \\\"Alert on connections to organizational services that present certificates with unexpected subjectAltName types\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00217\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is a widely used cryptographic library in embedded systems, IoT devices, and security applications. A vulnerability in this component could affect multiple downstream products and services.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory\\\", \\\"Complete list of affected products beyond Mbed TLS\\\", \\\"Information about backporting or patch availability for older versions\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between different sources (0.2200 vs 0.00217), suggesting potential data quality issues or different calculation methodologies\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed that the vulnerability affects both client and server implementations of certificate verification\\\", \\\"Inferred that the vulnerability requires active man-in-the-middle positioning for successful exploitation\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear from the CVE description, but limited information about real-world exploitation, affected product scope, and vendor response reduces confidence in complete impact assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/issues/3498\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"117\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-45159\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-45159\\\",\\n \\\"title\\\": \\\"Mbed TLS 3.x TLS 1.3 Client Certificate Verification Bypass\\\",\\n \\\"short_description\\\": \\\"Mbed TLS 3.x before 3.6.1 incorrectly clears keyUsage and extKeyUsage verification bits when a TLS 1.3 server enables optional client authentication, allowing an attacker with a certificate valid for non-client-auth purposes to bypass verification.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability undermines TLS 1.3 client authentication by allowing misissued or repurposed certificates to be accepted as valid client credentials, potentially enabling unauthorized access to protected services, impersonation, and lateral movement within authenticated TLS sessions.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-295\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Certificate Validation - The library fails to properly validate X.509 certificate key usage extensions during TLS 1.3 client authentication, resulting in acceptance of certificates without the required digitalSignature and/or keyAgreement keyUsage bits and clientAuth extKeyUsage designation.\\\",\\n \\\"attack_surface\\\": \\\"TLS 1.3 server endpoints configured with optional client certificate authentication using Mbed TLS 3.x library; impacts both incoming TLS handshakes and post-handshake certificate validation routines.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"High\\\",\\n \\\"exploit_summary\\\": \\\"No active exploitation or public PoC is indicated in the input data, but the vulnerability has low attack complexity, requires no authentication or user interaction, and affects network-accessible services, making exploitation highly feasible.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.1 base score 9.8 with network attack vector and low complexity\\\", \\\"No explicit evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score 0.4200 suggests elevated exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Critical - Patch Immediately\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Critical CVSS 9.8 rating with network-accessible attack vector and potential for authentication bypass demands immediate patching to prevent unauthorized access and impersonation attacks against TLS 1.3 services.\\\",\\n \\\"recommended_sla\\\": \\\"Apply patches within 72 hours; implement temporary mitigations within 24 hours for internet-exposed systems.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete compromise of client authentication mechanism leading to unauthorized access, identity spoofing, and potential data exfiltration or privilege escalation within authenticated TLS sessions.\\\",\\n \\\"technical_impact_details\\\": \\\"Confidentiality, Integrity, and Availability are all compromised (C:H/I:H/A:H) as attackers can establish authenticated TLS sessions using improperly validated certificates, potentially gaining access to protected resources and sensitive data.\\\",\\n \\\"blast_radius\\\": \\\"All Mbed TLS 3.x implementations before 3.6.1 using TLS 1.3 with optional client authentication enabled; particularly critical for internet-facing services, API gateways, and mutual TLS (mTLS) deployments.\\\",\\n \\\"business_risk_rating\\\": \\\"5\\\",\\n \\\"business_risk_justification\\\": \\\"Authentication bypass vulnerabilities in core cryptographic libraries represent existential threats to security architectures; successful exploitation could compromise entire trust models, regulatory compliance (PCI-DSS, HIPAA), and lead to significant data breaches.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS 3.x versions before 3.6.1\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 3.6.1\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires TLS 1.3 configuration with optional client certificate authentication enabled; does not affect TLS 1.2 or earlier versions.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - directly affects internet-facing TLS endpoints and services accepting client certificates for authentication.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Client Certificate Bypass for Unauthorized API Access\\\",\\n \\\"attacker_goal\\\": \\\"Gain unauthorized access to protected REST API endpoints requiring client certificate authentication\\\",\\n \\\"steps_high_level\\\": [\\\"Obtain any valid X.509 certificate lacking proper keyUsage/extKeyUsage for client authentication\\\", \\\"Initiate TLS 1.3 handshake with vulnerable Mbed TLS server\\\", \\\"Present malformed certificate during optional client authentication phase\\\", \\\"Establish authenticated session despite certificate validation failures\\\"],\\n \\\"likely_targets\\\": \\\"API gateways, microservices architectures, cloud-native applications using mTLS for service-to-service authentication\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Identity Spoofing in Mutual TLS Environments\\\",\\n \\\"attacker_goal\\\": \\\"Impersonate legitimate clients or services in mTLS-enabled environments\\\",\\n \\\"steps_high_level\\\": [\\\"Acquire certificate with valid signature chain but incorrect key usage extensions\\\", \\\"Connect to vulnerable TLS 1.3 service requiring client authentication\\\", \\\"Exploit verification bypass to establish trusted connection\\\", \\\"Perform actions as impersonated identity with full session privileges\\\"],\\n \\\"likely_targets\\\": \\\"Financial services platforms, healthcare systems, enterprise SSO implementations relying on certificate-based authentication\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 3.6.1 or later immediately to resolve the certificate verification bypass vulnerability.\\\", \\\"Implement strict certificate validation policies requiring both keyUsage and extKeyUsage compliance for all client certificates.\\\", \\\"Configure TLS endpoints to use mandatory rather than optional client authentication where feasible to reduce attack surface.\\\"],\\n \\\"workarounds\\\": \\\"Disable TLS 1.3 client certificate authentication or downgrade to TLS 1.2 if immediate patching is not feasible and business requirements permit; implement additional certificate validation at application layer.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with change control processes; test compatibility with existing client certificate infrastructure; ensure backup/rollback procedures are established.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS library version reports 3.6.1 or later using mbedtls_version_check() or equivalent\\\", \\\"Test client authentication with intentionally malformed certificates to confirm proper rejection\\\", \\\"Review TLS handshake logs for proper certificate validation bitmask returns\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain previous library version binaries and configuration backups; prepare rollback procedures if compatibility issues arise with updated certificate validation logic.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor TLS handshake logs for successful connections where mbedtls_ssl_get_verify_result() returns MBEDTLS_X509_BADCERT_KEY_USAGE or MBEDTLS_X509_BADCERT_EXT_KEY_USAGE flags despite successful authentication\\\",\\n \\\"Hunt for client certificates lacking digitalSignature keyUsage bit or clientAuth extKeyUsage OID in successful TLS 1.3 connections\\\",\\n \\\"Implement certificate validation failure alerts for connections that should have been rejected based on key usage restrictions\\\",\\n \\\"Search for anomalous client certificate subjects or issuers establishing connections to sensitive TLS 1.3 endpoints\\\",\\n \\\"Monitor for unusual authentication patterns or privilege escalation following TLS 1.3 client certificate connections\\\",\\n \\\"Deploy network monitoring rules to detect TLS 1.3 handshakes with malformed certificate extensions to vulnerable Mbed TLS versions\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.4200\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is embedded in numerous IoT devices, embedded systems, and enterprise applications; vulnerability could affect downstream products across multiple vendors and sectors.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges beyond '3.x before 3.6.1'\\\", \\\"Specific vendor advisories or security bulletins\\\", \\\"CISA KEV catalog status\\\", \\\"Evidence of active exploitation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd reports 0.4200 while cves_epss reports 0.00436 - using 0.4200 as it appears more authoritative in context\\\"],\\n \\\"assumptions_made\\\": [\\\"TLS 1.3 client authentication is configured as optional rather than mandatory\\\", \\\"Vulnerability affects only server-side implementations accepting client certificates\\\", \\\"Standard X.509 certificate validation contexts apply\\\"],\\n \\\"confidence\\\": \\\"High confidence in vulnerability assessment based on clear CVE description and CVSS metrics; moderate confidence in exploitability assessment due to lack of explicit exploitation evidence.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases/\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"106\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2023-45199\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2023-45199\\\",\\n \\\"title\\\": \\\"Mbed TLS Remote Code Execution via Buffer Overflow\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions 3.2.x through 3.4.x before 3.5 contain a buffer overflow vulnerability that can lead to remote code execution.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected systems without user interaction, posing a critical risk to confidentiality, integrity, and availability. Given Mbed TLS's widespread use in embedded systems and IoT devices, successful exploitation could lead to complete system compromise, data exfiltration, and lateral movement within networks.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-120\\\"],\\n \\\"weakness_summary\\\": \\\"Buffer overflow in Mbed TLS library allowing memory corruption and potential remote code execution\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible TLS/SSL services using vulnerable Mbed TLS versions\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"High\\\",\\n \\\"exploit_summary\\\": \\\"High likelihood of exploitation due to network-accessible attack vector, no authentication requirements, and low attack complexity\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 9.8 critical severity\\\", \\\"Network-based attack vector\\\", \\\"No authentication required\\\", \\\"Low attack complexity\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Critical - Patch Immediately\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Critical severity RCE vulnerability with network-accessible attack vector and no authentication requirements demands immediate patching to prevent potential complete system compromise\\\",\\n \\\"recommended_sla\\\": \\\"24-48 hours for critical systems; 72 hours for all affected systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete system compromise affecting confidentiality, integrity, and availability\\\",\\n \\\"technical_impact_details\\\": \\\"Remote code execution enables attackers to gain complete control over affected systems, potentially leading to data theft, system manipulation, service disruption, and lateral network movement\\\",\\n \\\"blast_radius\\\": \\\"All systems running Mbed TLS 3.2.x through 3.4.x with network exposure are at risk; embedded devices and IoT infrastructure particularly vulnerable\\\",\\n \\\"business_risk_rating\\\": \\\"5\\\",\\n \\\"business_risk_justification\\\": \\\"Critical RCE vulnerability in widely-used TLS library with no authentication requirements poses maximum business risk, especially for internet-facing systems and critical infrastructure\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"3.2.x through 3.4.x (before 3.5)\\\",\\n \\\"fixed_versions\\\": \\\"3.5 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems must have network-accessible services using Mbed TLS\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Extremely high - any internet-facing service using vulnerable Mbed TLS versions is immediately exploitable\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote System Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Gain complete control over vulnerable systems\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target systems running vulnerable Mbed TLS versions\\\", \\\"Craft malicious payload to trigger buffer overflow\\\", \\\"Execute arbitrary code with system privileges\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing servers, embedded devices, IoT infrastructure, network appliances\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain Attack\\\",\\n \\\"attacker_goal\\\": \\\"Compromise downstream devices and applications\\\",\\n \\\"steps_high_level\\\": [\\\"Exploit Mbed TLS vulnerability in widely-deployed embedded systems\\\", \\\"Establish persistence in firmware or system components\\\", \\\"Use compromised devices as foothold for lateral movement\\\"],\\n \\\"likely_targets\\\": \\\"Consumer IoT devices, industrial control systems, network equipment\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\\"Immediately upgrade Mbed TLS to version 3.5 or later on all affected systems\\\", \\\"Isolate or restrict network access to vulnerable systems until patching is complete\\\", \\\"Conduct comprehensive security assessment of all systems using Mbed TLS to identify exposure points\\\"],\\n \\\"workarounds\\\": \\\"Network segmentation and access controls may reduce exposure but do not eliminate the vulnerability\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with change management processes; test patches in non-production environment first; prioritize internet-facing systems\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version is 3.5 or later using version detection tools\\\", \\\"Test TLS/SSL functionality after patching to ensure service availability\\\", \\\"Monitor systems for unusual network activity or code execution indicators\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS configuration and binaries; ensure rollback procedures are tested and documented\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual network connections or outbound traffic from systems using Mbed TLS\\\",\\n \\\"Search for process execution anomalies or unexpected child processes spawned from TLS-related services\\\",\\n \\\"Hunt for buffer overflow exploitation patterns in network traffic logs and IDS/IPS alerts\\\",\\n \\\"Monitor for privilege escalation attempts following potential exploitation\\\",\\n \\\"Search for unexpected network listeners or services on affected systems\\\",\\n \\\"Correlate vulnerability scan results with network traffic analysis to identify potential exploitation attempts\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.05040\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is widely used in embedded systems and IoT devices across multiple industries\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vulnerability technical analysis\\\", \\\"Specific exploitation techniques\\\", \\\"Vendor-provided mitigation guidance\\\", \\\"Proof-of-concept availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"Duplicate reference URLs in source data\\\"],\\n \\\"assumptions_made\\\": [\\\"Buffer overflow is exploitable for RCE based on CVSS score and description\\\", \\\"Network accessibility is required for exploitation\\\"],\\n \\\"confidence\\\": \\\"High confidence in severity assessment based on CVSS 9.8 score and vendor advisory; moderate confidence in specific exploitation details due to limited technical information\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"84\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-10941\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-10941\\\",\\n \\\"title\\\": \\\"Mbed TLS RSA Private Key Extraction via Cache Side-Channel\\\",\\n \\\"short_description\\\": \\\"Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers to recover RSA private keys through cache side-channel analysis during key import, potentially compromising TLS sessions, code signing, or authentication mechanisms that rely on those keys. Successful exploitation undermines confidentiality of encrypted data and authenticity of signed material without requiring authentication or direct code execution.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Cache-based side-channel vulnerability during RSA private key import allowing key extraction through timing/cache usage analysis.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible TLS endpoints or systems performing RSA key imports in shared compute environments.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires precise cache usage measurements during RSA key import operations, typically feasible in shared compute environments with insufficient cache isolation.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit in-the-wild exploitation reported in input data\\\", \\\"EPSS score suggests moderate exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes (network-accessible service performing key imports)\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High (requires precise cache measurement and shared compute environment)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity side-channel vulnerability requiring specific cache measurement conditions and shared compute environment for exploitation. No evidence of active exploitation, but RSA key compromise has significant impact potential.\\\",\\n \\\"recommended_sla\\\": \\\"90 days (within next maintenance window)\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact (RSA private key disclosure) with no integrity or availability impact.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation enables complete compromise of RSA private keys, allowing decryption of captured TLS sessions, impersonation attacks, and bypass of signature verification mechanisms.\\\",\\n \\\"blast_radius\\\": \\\"Systems running Mbed TLS <2.16.5 in shared compute environments without cache isolation; particularly critical for TLS termination points, VPN concentrators, and code signing infrastructure.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to high technical impact (key compromise) balanced against high attack complexity and lack of confirmed exploitation. Risk increases significantly in cloud/shared hosting environments.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Arm Mbed Crypto\\\", \\\"Debian Linux 10.0\\\", \\\"Fedora 31\\\", \\\"Fedora 32\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS before 2.16.5; Mbed Crypto before 2.16.5\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.16.5 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires RSA key import operations in environments with insufficient cache isolation between attacker and victim processes.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing TLS endpoints and VPN services using affected Mbed TLS versions.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Cloud TLS Endpoint Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Extract RSA private keys from co-located TLS termination service\\\",\\n \\\"steps_high_level\\\": [\\\"Deploy malicious workload in shared cloud environment\\\", \\\"Execute cache timing measurements during victim's RSA key import\\\", \\\"Analyze cache access patterns to reconstruct private key\\\", \\\"Use extracted key to decrypt captured TLS sessions\\\"],\\n \\\"likely_targets\\\": \\\"Cloud-hosted TLS termination points, load balancers, VPN concentrators\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Cross-Tenant Key Recovery in Shared Hosting\\\",\\n \\\"attacker_goal\\\": \\\"Compromise TLS keys from neighboring tenant in shared infrastructure\\\",\\n \\\"steps_high_level\\\": [\\\"Identify co-located Mbed TLS services through network reconnaissance\\\", \\\"Execute Flush+Reload or Prime+Probe cache side-channel attacks\\\", \\\"Correlate cache patterns during key import operations\\\", \\\"Recover complete RSA private key through statistical analysis\\\"],\\n \\\"likely_targets\\\": \\\"Shared hosting environments, container platforms, multi-tenant infrastructure\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Environment Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.16.5 or later to implement cache-side-channel resistant RSA key import operations.\\\",\\n \\\"Implement strict CPU cache isolation between tenants in shared compute environments using technologies like CAT (Cache Allocation Technology) or secure enclaves.\\\",\\n \\\"Deploy network segmentation and access controls to limit exposure of TLS key management operations to untrusted networks.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable RSA key imports in shared compute environments; use dedicated hardware security modules (HSMs) for key operations; implement strict CPU affinity and core isolation.\\\",\\n \\\"patching_notes\\\": \\\"Mbed TLS 2.16.5 includes cache-side-channel resistant implementations for RSA key operations. Verify compatibility with existing applications before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm Mbed TLS version is 2.16.5 or later using version query APIs or package manager.\\\",\\n \\\"Test RSA key import operations in isolated environment to ensure functionality post-upgrade.\\\",\\n \\\"Validate that cache isolation mechanisms are properly configured in shared compute environments.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS version and configuration; test rollback procedures in non-production environment; preserve key material in secure storage during upgrade.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual cache access patterns or timing anomalies during RSA key operations using performance monitoring tools.\\\",\\n \\\"Deploy EDR solutions to detect Flush+Reload or Prime+Probe cache side-channel attack patterns in shared compute environments.\\\",\\n \\\"Implement network monitoring for unexpected TLS session decryption or certificate validation failures indicating potential key compromise.\\\",\\n \\\"Hunt for processes with unusual memory access patterns to cryptographic key storage areas using kernel-level monitoring.\\\",\\n \\\"Monitor system logs for Mbed TLS version information and key import operation timing anomalies.\\\",\\n \\\"Deploy hardware performance counters to detect cache-based side-channel attack attempts in cloud environments.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00750\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Affects cryptographic library used in embedded systems, IoT devices, and security applications\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory link\\\", \\\"Proof-of-concept exploit availability\\\", \\\"CISA KEV status\\\", \\\"Specific vulnerable configuration details\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy between sources (0.7500 vs 0.00750) - using 0.00750 as more recent EPSS value\\\"],\\n \\\"assumptions_made\\\": [\\\"Attack requires shared compute environment with insufficient cache isolation\\\", \\\"RSA key import operations are occurring in vulnerable contexts\\\", \\\"No hardware-level cache isolation is present\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but specific exploitation requirements and current threat landscape details are limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"86\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-36421\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-36421\\\",\\n \\\"title\\\": \\\"Arm Mbed TLS RSA Private Key Side-Channel Information Disclosure\\\",\\n \\\"short_description\\\": \\\"A side-channel vulnerability exists in Arm Mbed TLS versions before 2.23.0 during modular exponentiation operations, allowing disclosure of RSA private keys used within secure enclaves.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers to extract RSA private keys through side-channel analysis, compromising the confidentiality of cryptographic material. While exploitation requires local access and measurement capabilities, successful attacks undermine the security guarantees of secure enclaves and TLS implementations relying on Mbed TLS. The exposure of private keys can lead to complete compromise of encrypted communications, identity impersonation, and unauthorized access to protected resources. Organizations using affected versions in environments with local attackers or insufficient side-channel protections face significant risk to data confidentiality and system integrity.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Side-channel attack during RSA modular exponentiation allows observation of timing or power consumption patterns that leak information about private key bits.\\\",\\n \\\"attack_surface\\\": \\\"Local access to systems running vulnerable Mbed TLS in secure enclaves; requires ability to measure side-channel signals during cryptographic operations.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires local access and specialized measurement equipment or techniques to capture side-channel signals during RSA operations. No evidence of in-the-wild exploitation found in input data.\\\",\\n \\\"evidence_signals\\\": [\\\"No active exploitation indicators present in input data\\\", \\\"EPSS score suggests low exploitation probability (0.00190)\\\", \\\"Vendor advisory and community discussions available\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No (local access required)\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High (requires side-channel measurement capabilities)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity side-channel vulnerability requiring local access and specialized equipment for exploitation. While the impact of private key disclosure is severe, the attack complexity is high and no active exploitation is documented. Priority should be given to systems in shared environments or those processing highly sensitive data.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general systems; 30 days for high-security environments with local attack surface\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality impact: Low (information disclosure of private keys); Integrity: None; Availability: None\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation results in complete disclosure of RSA private keys used in secure enclaves, enabling decryption of captured communications, certificate forgery, and identity impersonation attacks.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems running vulnerable Mbed TLS versions in environments where attackers can perform side-channel measurements. Risk increases with shared hosting, cloud environments, or physical access scenarios.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to high attack complexity but severe consequences if exploited. Organizations with regulatory requirements for cryptographic key protection (PCI-DSS, HIPAA, FIPS) face compliance risks. Systems in shared environments or with physical access exposure require immediate attention.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Arm Mbed TLS versions before 2.23.0; Debian Linux 10.0 (includes vulnerable Mbed TLS packages)\\\",\\n \\\"fixed_versions\\\": \\\"Arm Mbed TLS 2.23.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems using RSA private keys within secure enclaves; requires Mbed TLS library integration and RSA operations\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Indirect relevance - systems exposed to local attackers (shared hosting, cloud VMs) are at higher risk than isolated systems\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Cloud Environment Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Extract RSA private keys from co-located virtual machines\\\",\\n \\\"steps_high_level\\\": [\\\"Deploy malicious VM in shared cloud environment\\\", \\\"Execute side-channel measurement tools to monitor CPU cache/ power patterns\\\", \\\"Trigger RSA operations on target system and capture key-dependent patterns\\\"],\\n \\\"likely_targets\\\": \\\"Cloud-hosted services using Mbed TLS for TLS termination or certificate-based authentication\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Physical Access Key Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Extract cryptographic keys from embedded devices\\\",\\n \\\"steps_high_level\\\": [\\\"Gain physical access to target device running vulnerable Mbed TLS\\\", \\\"Connect side-channel measurement equipment (oscilloscope, EM probes)\\\", \\\"Monitor power consumption during RSA operations to derive private key\\\"],\\n \\\"likely_targets\\\": \\\"Embedded systems, IoT devices, secure boot implementations using Mbed TLS\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.23.0 or later to implement side-channel resistant modular exponentiation.\\\",\\n \\\"Implement additional side-channel protections such as constant-time algorithms, blinding techniques, and hardware countermeasures where available.\\\",\\n \\\"Apply defense-in-depth measures including key rotation, monitoring for anomalous cryptographic operations, and limiting local access to cryptographic systems.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Implement constant-time RSA implementations or use hardware security modules (HSMs) with side-channel protection; restrict local access to systems performing cryptographic operations; employ process isolation and sandboxing techniques\\\",\\n \\\"patching_notes\\\": \\\"Mbed TLS 2.23.0 includes side-channel resistant fixes for modular exponentiation. Verify that all dependent applications and libraries are updated. Test cryptographic functionality after patching.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version is 2.23.0 or later using library version checking functions or package management tools.\\\",\\n \\\"Test RSA operations for functionality and performance impact after patching.\\\",\\n \\\"Review system logs and monitoring for any indicators of attempted side-channel attacks or key compromise.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Rollback may be necessary if patching causes performance degradation or compatibility issues; ensure backup of previous versions and test rollback procedures in non-production environments first\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual local access patterns or privilege escalation attempts on systems using Mbed TLS\\\",\\n \\\"Implement detection for side-channel measurement tools or suspicious hardware connections to cryptographic systems\\\",\\n \\\"Monitor cryptographic operation timing patterns for anomalies that might indicate side-channel exploitation attempts\\\",\\n \\\"Review logs for repeated failed authentication attempts followed by successful RSA operations (potential key extraction)\\\",\\n \\\"Hunt for network traffic patterns suggesting use of compromised certificates or keys\\\",\\n \\\"Implement continuous monitoring of Mbed TLS library versions and flag any systems running vulnerable versions\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of in-the-wild exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"No public exploit code references found in input data\\\",\\n \\\"epss\\\": \\\"0.00190 (0.19%)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems and IoT devices; key compromise could affect multiple downstream products\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory URL\\\", \\\"Specific CWE identifier\\\", \\\"Complete list of affected products and versions\\\", \\\"Detailed technical description of side-channel mechanism\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (0.1900 vs 0.00190) - likely decimal placement error in one source\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed local access requirement based on side-channel attack nature\\\", \\\"Inferred secure enclave context from description\\\", \\\"Assumed RSA operations are primary attack vector\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited technical specifics and exploitability information available\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://bugs.gentoo.org/730752\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/issues/3394\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"89\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-36424\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-36424\\\",\\n \\\"title\\\": \\\"Arm Mbed TLS Side-Channel Attack in Base Blinding/Unblinding Value Generation\\\",\\n \\\"short_description\\\": \\\"A side-channel vulnerability in Arm Mbed TLS before 2.24.0 allows an attacker with local access to recover RSA or static Diffie-Hellman private keys by observing the generation of base blinding/unblinding values.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables cryptographic key material compromise through side-channel observation, undermining the confidentiality of RSA and static Diffie-Hellman private keys. Successful exploitation allows impersonation, decryption of captured communications, and potential long-term compromise of secure channels. The attack requires local access and high-resolution side-channel measurement, making it relevant primarily in shared environments (cloud, containers) or against endpoints where an attacker can execute measurement code.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"4.7\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"The implementation of base blinding/unblinding value generation leaks timing or power-consumption information that correlates with private key bits, enabling key-recovery via side-channel analysis.\\\",\\n \\\"attack_surface\\\": \\\"Local process or co-located VM/container on the same physical host; requires ability to measure timing, cache side-channels, or power consumption during cryptographic operations.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires local access, low privileges, and specialized side-channel measurement capabilities; no public PoC or in-the-wild exploitation is indicated in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"EPSS score 0.00085 (0.25186 percentile) suggests low near-term exploitation likelihood\\\", \\\"No CISA KEV or vendor-reported active exploitation noted in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 4.7 MEDIUM with High attack complexity and local access requirement; prioritize patching in shared hosting, multi-tenant, or containerized environments where side-channel attacks are feasible.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general assets; 30 days for high-risk environments (shared cloud, containers, or devices processing sensitive cryptographic material).\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: High (private key recovery); Integrity: None; Availability: None\\\",\\n \\\"technical_impact_details\\\": \\\"Full compromise of RSA or static Diffie-Hellman private keys allows decryption of past/future sessions, impersonation, and man-in-the-middle attacks if keys are reused.\\\",\\n \\\"blast_radius\\\": \\\"Limited to co-located attackers on the same physical host; risk increases in cloud/VM/container environments with shared hardware.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Key material compromise has severe long-term consequences, but exploitation requires specialized access and measurement; medium risk due to high attack complexity and lack of observed exploitation.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Arm Mbed TLS before 2.24.0; Debian 10.0 (Buster) with vulnerable Mbed TLS packages\\\",\\n \\\"fixed_versions\\\": \\\"Arm Mbed TLS 2.24.0 and later; Debian security updates (specific package versions not provided in input data)\\\",\\n \\\"configuration_dependencies\\\": \\\"Affects systems using Mbed TLS for RSA or static Diffie-Hellman key exchange; dynamic ECDH and other ciphers may not be impacted.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low direct relevance; however, keys recovered from backend systems could impact internet-facing services if the same keys are used.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Cloud Co-Residency Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Recover private keys from a co-resident VM or container to decrypt TLS sessions or impersonate the service.\\\",\\n \\\"steps_high_level\\\": [\\\"Deploy attacker-controlled VM/container on the same physical host as the target\\\", \\\"Execute high-resolution side-channel measurement code (e.g., Flush+Reload, Prime+Probe) during Mbed TLS blinding value generation\\\", \\\"Correlate side-channel measurements to recover RSA/static DH private key bits\\\"],\\n \\\"likely_targets\\\": \\\"Cloud workloads, containerized services, or shared hosting environments where Mbed TLS is used for TLS termination or key exchange.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Local Process Side-Channel Key Recovery\\\",\\n \\\"attacker_goal\\\": \\\"Extract private keys from a local service or process using Mbed TLS by observing cryptographic operations.\\\",\\n \\\"steps_high_level\\\": [\\\"Gain low-privilege local access to the target system\\\", \\\"Execute side-channel measurement tools to monitor cache/PMU events during Mbed TLS operations\\\", \\\"Analyze collected traces to reconstruct the private key\\\"],\\n \\\"likely_targets\\\": \\\"Endpoints or servers where Mbed TLS is used for certificate-based authentication or key exchange, and an attacker has obtained local execution.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.24.0 or later to address the side-channel leakage in base blinding/unblinding value generation.\\\",\\n \\\"Apply vendor-provided patches for embedded or downstream distributions (e.g., Debian security updates) and verify the fix is present.\\\",\\n \\\"Isolate cryptographic workloads to dedicated hardware or single-tenant environments to reduce side-channel exposure in multi-tenant scenarios.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable RSA and static Diffie-Hellman cipher suites if not required; use ephemeral ECDH or other side-channel resistant algorithms where feasible.\\\",\\n \\\"patching_notes\\\": \\\"Verify that the patched version includes constant-time blinding value generation and test TLS handshake functionality post-update.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm Mbed TLS version is 2.24.0 or later using the library's version API or package manager.\\\",\\n \\\"Validate that RSA and static DH operations complete without errors and TLS handshakes succeed.\\\",\\n \\\"Review system logs for any cryptographic errors or failures after patching.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain a backup of the previous Mbed TLS library version and configuration; test rollback procedures in a non-production environment.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected local process execution or side-channel measurement tools (e.g., perf, PMU access) on systems using Mbed TLS.\\\",\\n \\\"Alert on anomalous cache-miss or timing patterns during TLS handshakes that could indicate side-channel probing.\\\",\\n \\\"Hunt for co-resident VMs/containers with suspicious network or CPU activity patterns in cloud environments.\\\",\\n \\\"Review access logs for unauthorized local or SSH sessions to systems handling sensitive cryptographic operations.\\\",\\n \\\"Use EDR or OS auditing to detect processes reading cryptographic key material or performing high-frequency timing measurements.\\\",\\n \\\"Correlate Mbed TLS library loads with side-channel-suspicious syscalls or hardware performance counter access.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00085 (percentile 0.25186)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium; Mbed TLS is widely used in embedded and IoT devices; key compromise could impact downstream products.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Exact fixed version for Debian packages\\\", \\\"Vendor advisory link\\\", \\\"Detailed technical analysis of the side-channel mechanism\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores differ between sources (0.0800 vs 0.00085); using the EPSS-specific value (0.00085) as authoritative\\\"],\\n \\\"assumptions_made\\\": [\\\"Static Diffie-Hellman is impacted based on description; dynamic ECDH may not be affected\\\", \\\"Local access implies co-located execution on shared hardware\\\"],\\n \\\"confidence\\\": \\\"Medium; core vulnerability details are clear, but missing vendor advisory and fixed package versions limit precision.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://bugs.gentoo.org/740108\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"91\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-36426\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-36426\\\",\\n \\\"title\\\": \\\"Arm Mbed TLS mbedtls_x509_crl_parse_der Buffer Over-read Vulnerability\\\",\\n \\\"short_description\\\": \\\"Arm Mbed TLS before 2.24.0 contains a buffer over-read of one byte in the mbedtls_x509_crl_parse_der function. This can cause denial of service through application crashes or unexpected behavior when parsing malformed Certificate Revocation List (CRL) data.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects a widely used TLS/cryptographic library and can be triggered remotely without authentication by sending a malformed CRL. While the impact is limited to availability (crash), it could disrupt TLS handshakes, service availability, or certificate validation workflows in embedded systems, IoT devices, and enterprise services relying on Mbed TLS. The low attack complexity and network-accessible nature increase exploitability risk.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-126: Buffer Over-read\\\"],\\n \\\"weakness_summary\\\": \\\"The mbedtls_x509_crl_parse_der function reads one byte beyond the allocated buffer boundary when processing DER-encoded CRL data. This classic buffer over-read can lead to segmentation faults, application crashes, or information disclosure depending on memory layout and mitigation controls.\\\",\\n \\\"attack_surface\\\": \\\"Network-exposed TLS services accepting CRL data during certificate validation; embedded/IoT devices using Mbed TLS for secure communications; systems processing CRL files or streams via the affected parsing function.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires sending a specially crafted DER-encoded CRL to a vulnerable Mbed TLS instance. No authentication or user interaction is needed, and the attack complexity is low. The primary impact is application crash (denial of service).\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.1 base score 7.5 (High) with network attack vector and low attack complexity\\\", \\\"EPSS score 0.00225 (low exploitation likelihood as of 2025-11-23)\\\", \\\"No explicit evidence of in-the-wild exploitation or public PoC in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes (AV:N)\\\",\\n \\\"authentication_required\\\": \\\"No (PR:N)\\\",\\n \\\"user_interaction_required\\\": \\\"No (UI:N)\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (AC:L)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with network accessibility and low attack complexity warrants patching, but the impact is limited to availability (crash) without code execution. EPSS suggests low current exploitation likelihood. Prioritize patching for internet-facing systems and those processing untrusted CRL data.\\\",\\n \\\"recommended_sla\\\": \\\"Apply patches within 30–60 days; expedite for internet-exposed services or critical infrastructure.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact (High) with no confidentiality or integrity compromise per CVSS metrics. Successful exploitation causes application crash or unexpected termination.\\\",\\n \\\"technical_impact_details\\\": \\\"Buffer over-read of one byte in CRL parsing logic can trigger segmentation faults, memory access violations, or undefined behavior. May disrupt TLS handshakes, certificate validation, or service availability in Mbed TLS-dependent applications.\\\",\\n \\\"blast_radius\\\": \\\"Moderate to high for systems using Mbed TLS for TLS termination, embedded devices with limited crash recovery, and services processing CRL data from untrusted sources. Scope includes Arm Mbed TLS versions before 2.24.0 and downstream distributions (e.g., Debian 10).\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Denial-of-service risk to TLS-enabled services and embedded systems; moderate business impact due to availability disruption potential. Risk is elevated for internet-facing services, IoT devices, and environments with high reliance on certificate validation. No evidence of active exploitation reduces immediate urgency.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Arm Mbed TLS versions before 2.24.0; Debian 10.0 (Buster) with vulnerable Mbed TLS packages.\\\",\\n \\\"fixed_versions\\\": \\\"Arm Mbed TLS 2.24.0 and later; Debian security updates (check specific package versions in advisories).\\\",\\n \\\"configuration_dependencies\\\": \\\"Vulnerability triggers when mbedtls_x509_crl_parse_der is invoked, typically during CRL-based certificate validation. Requires systems to process CRL data (e.g., via configuration or certificate chain validation).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing TLS services, VPN gateways, embedded devices, and systems accepting CRL data from external sources. Network accessibility (AV:N) enables remote exploitation.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote DoS via Malformed CRL\\\",\\n \\\"attacker_goal\\\": \\\"Cause denial of service by crashing the Mbed TLS application.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts a malformed DER-encoded CRL with specific boundary conditions to trigger a one-byte over-read.\\\", \\\"Attacker delivers the malicious CRL to the target system (e.g., via network upload, HTTP request, or certificate validation path).\\\", \\\"The vulnerable mbedtls_x509_crl_parse_der function processes the CRL, reads one byte beyond the buffer, and triggers a crash or undefined behavior.\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing TLS servers, VPN concentrators, IoT devices, and embedded systems using Mbed TLS for certificate validation.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain CRL Poisoning\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt service availability by injecting a malicious CRL into a supply chain or update mechanism.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker compromises a certificate authority or distribution point to serve a malformed CRL.\\\", \\\"Target systems fetch the malicious CRL during routine certificate validation or update cycles.\\\", \\\"Mbed TLS parses the CRL, triggers the buffer over-read, and crashes critical services (e.g., authentication, secure communications).\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise services with automated CRL fetching, embedded devices with limited input validation, and systems relying on third-party CRL providers.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.24.0 or later, or apply vendor-provided patches (e.g., Debian security updates).\\\",\\n \\\"Implement network segmentation and access controls to restrict CRL retrieval to trusted sources only.\\\",\\n \\\"Deploy compensating controls such as WAF rules to block malformed CRL inputs or monitor for anomalous parsing behavior.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable CRL-based certificate validation if not required; use alternative revocation mechanisms (e.g., OCSP) where feasible. Note: This may reduce security posture and is not a permanent solution.\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with existing applications and dependencies. Test in non-production environments before deployment. Prioritize patching for internet-exposed systems and critical infrastructure.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm Mbed TLS version is 2.24.0 or later using version inspection commands or library checks.\\\",\\n \\\"Validate that CRL parsing functions correctly with test vectors after patching.\\\",\\n \\\"Monitor application logs and crash dumps for signs of exploitation attempts or instability.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of configuration and binaries before patching. Ensure rollback procedures are tested and documented in case of post-patch issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor application logs for segmentation faults, access violations, or unexpected crashes in Mbed TLS processes.\\\",\\n \\\"Deploy network monitoring to detect anomalous CRL downloads or malformed DER-encoded data sent to TLS services.\\\",\\n \\\"Use EDR or system monitoring to track invocations of mbedtls_x509_crl_parse_der with abnormal parameters or error codes.\\\",\\n \\\"Hunt for repeated crash-restart patterns in services using Mbed TLS, which may indicate exploitation attempts.\\\",\\n \\\"Correlate firewall or WAF logs for CRL-related requests from untrusted or suspicious sources.\\\",\\n \\\"Implement fuzzing or input validation testing on CRL parsing paths to identify potential exploitation vectors.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of in-the-wild exploitation in input data.\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00225 (as of 2025-11-23)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Moderate relevance due to Mbed TLS being a foundational cryptographic library used in embedded systems and IoT devices; upstream patching is critical for downstream consumers.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges beyond 'before 2.24.0'\\\", \\\"Vendor-provided patch links or advisories\\\", \\\"Evidence of public exploits or in-the-wild exploitation\\\", \\\"CISA KEV status\\\", \\\"Ransomware or threat actor associations\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd reports 0.2200, while cves_epss reports 0.00225; using cves_epss value as it is explicitly sourced from EPSS with a date.\\\", \\\"Affected products list includes both software (Mbed TLS) and OS (Debian); clarifying that Debian 10.0 includes vulnerable Mbed TLS packages.\\\"],\\n \\\"assumptions_made\\\": [\\\"Buffer over-read is limited to one byte based on description; no evidence of larger over-reads.\\\", \\\"Impact is primarily denial of service (crash) without code execution, consistent with CVSS metrics (C:N/I:N/A:H).\\\", \\\"Patching via version upgrade to 2.24.0+ resolves the vulnerability, though specific patch commits are not provided.\\\"],\\n \\\"confidence\\\": \\\"Medium-High: Core vulnerability details and CVSS metrics are clear, but lack of exploitation evidence and detailed patch information limits full confidence.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://bugs.gentoo.org/740108\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"97\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-36647\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-36647\\\",\\n \\\"title\\\": \\\"Mbed TLS RSA Private Key Recovery via Timing Side-Channel in mbedtls_mpi_exp_mod\\\",\\n \\\"short_description\\\": \\\"A timing side-channel vulnerability exists in mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS versions before 3.0.0, 2.27.0, or 2.16.11. Attackers with access to precise timing and memory access information (e.g., an untrusted OS attacking a secure enclave) can recover RSA private keys.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows recovery of RSA private keys through timing side-channel attacks, compromising the confidentiality of cryptographic material. It is particularly relevant in environments using secure enclaves (SGX, TrustZone) where an untrusted OS can observe timing variations. Loss of private keys undermines authentication, confidentiality, and non-repudiation for RSA-protected assets.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"4.7\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-327\\\"],\\n \\\"weakness_summary\\\": \\\"Use of a Broken or Risky Cryptographic Algorithm; timing side-channel leakage during RSA modular exponentiation.\\\",\\n \\\"attack_surface\\\": \\\"Local timing observation during RSA operations; typically exploited by an untrusted OS against secure enclaves (SGX, TrustZone).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires precise local timing measurements and memory access observation, typically in secure enclave scenarios. No evidence of in-the-wild exploitation or public PoC was found in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of active exploitation in input data.\\\", \\\"EPSS score indicates low exploitation likelihood (0.00050).\\\", \\\"CVSS exploitability metrics indicate High attack complexity and Local access.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"CVSS 4.7 (MEDIUM) with High attack complexity and Local access vector. EPSS is low (0.00050). No evidence of active exploitation. Prioritize patching in environments using secure enclaves (SGX, TrustZone) or where Mbed TLS is exposed to local attackers. Standard patching cadence is acceptable unless specific enclave use cases are present.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general deployments; 30 days if used in secure enclaves or high-assurance environments.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact (private key recovery); no integrity or availability impact.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation recovers RSA private keys, enabling impersonation, decryption of captured ciphertexts, and bypass of RSA-based authentication. Requires precise timing measurements and local access.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems where an attacker has local access and can observe timing; high impact within secure enclaves (SGX, TrustZone) where the OS is untrusted.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to High attack complexity and Local access requirements. Risk elevates to high in secure enclave deployments or if Mbed TLS is used in multi-tenant/cloud environments with local adversaries. Key recovery compromises long-term confidentiality of RSA-protected data.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"All versions before 3.0.0, 2.27.0, or 2.16.11\\\",\\n \\\"fixed_versions\\\": \\\"3.0.0, 2.27.0, 2.16.11\\\",\\n \\\"configuration_dependencies\\\": \\\"Vulnerability manifests during RSA operations (e.g., key generation, signing, decryption). Exploitation requires local timing observation capabilities.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low direct relevance unless Mbed TLS is used in internet-facing services hosted in untrusted environments (e.g., cloud VMs with local adversaries). Primarily concerns secure enclave deployments.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Secure Enclave Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Recover RSA private keys from a secure enclave (SGX or TrustZone) by observing timing variations.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains low-privilege local access to a system running Mbed TLS within a secure enclave.\\\", \\\"Attacker performs precise timing measurements during RSA operations (e.g., signing) by monitoring cache or memory access patterns.\\\", \\\"Attacker analyzes timing data to infer private key bits through side-channel leakage in mbedtls_mpi_exp_mod().\\\"],\\n \\\"likely_targets\\\": \\\"Systems using Mbed TLS in secure enclaves (SGX, TrustZone) for RSA operations; cloud VMs with untrusted hypervisors or co-located adversaries.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Cross-Tenant Key Recovery in Cloud\\\",\\n \\\"attacker_goal\\\": \\\"Extract RSA private keys from a co-located cloud instance by observing shared hardware timing side-channels.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker provisions a VM on the same physical host as a target using Mbed TLS for RSA operations.\\\", \\\"Attacker uses shared hardware (e.g., cache, memory bus) to measure timing variations during target's RSA operations.\\\", \\\"Attacker applies side-channel analysis to recover private keys and compromises RSA-protected communications or authentication.\\\"],\\n \\\"likely_targets\\\": \\\"Cloud-deployed services using Mbed TLS for RSA; multi-tenant environments without strict side-channel protections.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 3.0.0, 2.27.0, or 2.16.11 immediately to address the timing side-channel in mbedtls_mpi_exp_mod().\\\",\\n \\\"Isolate Mbed TLS RSA operations in trusted execution environments with side-channel protections (e.g., constant-time implementations, hardware mitigations) if patching is delayed.\\\",\\n \\\"Audit and restrict local access to systems using Mbed TLS, especially in cloud or multi-tenant deployments, to reduce exposure to timing observation attacks.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Implement constant-time RSA implementations or use hardware acceleration with side-channel resistance. Disable RSA in favor of ECC if feasible and not vulnerable.\\\",\\n \\\"patching_notes\\\": \\\"Patches are available in Mbed TLS 3.0.0, 2.27.0, and 2.16.11. Test patches in non-production environments to ensure compatibility with existing RSA workflows.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version is 3.0.0, 2.27.0, or 2.16.11 using version inspection commands or library checks.\\\",\\n \\\"Review RSA usage in codebase to confirm no custom implementations reintroduce timing vulnerabilities.\\\",\\n \\\"Conduct side-channel testing (e.g., timing analysis) in secure enclave deployments to validate patch effectiveness.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Rollback to vulnerable versions is not recommended due to key recovery risk. If rollback is necessary, isolate affected systems and restrict local access until patching is reapplied.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for anomalous local timing measurements or memory access patterns during RSA operations (e.g., via performance counters or EDR telemetry).\\\",\\n \\\"Hunt for unexpected processes with low privileges accessing cryptographic libraries or secure enclave interfaces.\\\",\\n \\\"Search logs for RSA key generation, signing, or decryption events followed by unusual outbound connections or data exfiltration.\\\",\\n \\\"Use side-channel detection tools (e.g., CacheAudit, SGXBounds) to identify timing leakage in enclave deployments.\\\",\\n \\\"Alert on failed or repeated RSA operations that could indicate key recovery attempts.\\\",\\n \\\"Correlate network traffic with RSA operations to detect post-exploitation use of recovered keys (e.g., unauthorized authentication or decryption).\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00050\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Mbed TLS is a widely used cryptographic library; key recovery could impact downstream applications relying on RSA for security.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor advisory link\\\", \\\"Detailed patch release notes\\\", \\\"Evidence of in-the-wild exploitation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd reports 0.0400, while cves_epss reports 0.00050. Using cves_epss value as authoritative source.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'Low' privileges required based on CVSS PR:L metric.\\\", \\\"Assumed secure enclave (SGX, TrustZone) as primary exploitation context based on description.\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but lack of vendor advisory and exploitation evidence limits confidence in real-world risk.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/releases/\\\",\\n \\\"https://kouzili.com/Load-Step.pdf\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"100\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-45450\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-45450\\\",\\n \\\"title\\\": \\\"Mbed TLS Policy Bypass and Oracle-Based Decryption Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions before 2.28.0 and 3.x before 3.1.0 contain a vulnerability in psa_cipher_generate_iv and psa_cipher_encrypt functions that allows policy bypass or oracle-based decryption when output buffers reside in memory locations accessible to untrusted applications.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers to bypass cryptographic policy enforcement and potentially decrypt sensitive data through oracle attacks, compromising the confidentiality guarantees provided by Mbed TLS cryptographic operations. The network-accessible nature (AV:N) with no authentication requirements makes this particularly dangerous for exposed services using vulnerable Mbed TLS versions.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-311: Missing Encryption of Sensitive Data\\\", \\\"CWE-326: Inadequate Encryption Strength\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability allows policy bypass and oracle-based decryption attacks when output buffers for psa_cipher_generate_iv and psa_cipher_encrypt are accessible to untrusted applications, undermining cryptographic confidentiality guarantees.\\\",\\n \\\"attack_surface\\\": \\\"Cryptographic API functions (psa_cipher_generate_iv, psa_cipher_encrypt) in applications using Mbed TLS for encryption operations, particularly those with shared memory spaces between trusted and untrusted components.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires network access to applications using vulnerable Mbed TLS versions, with low attack complexity and no authentication or user interaction needed. The attacker must be able to access memory locations where output buffers reside.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.1 base score 7.5 (HIGH)\\\", \\\"Network attack vector with no authentication required\\\", \\\"Low attack complexity per CVSS metrics\\\", \\\"EPSS score 0.00052 (low exploitation probability)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes (AV:N)\\\",\\n \\\"authentication_required\\\": \\\"No (PR:N)\\\",\\n \\\"user_interaction_required\\\": \\\"No (UI:N)\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (AC:L)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High severity cryptographic vulnerability affecting core encryption functions with network-accessible attack surface. While EPSS suggests low current exploitation, the potential impact on data confidentiality warrants immediate inventory and verification of Mbed TLS usage across the enterprise.\\\",\\n \\\"recommended_sla\\\": \\\"Verify affected systems within 72 hours; apply patches within 30 days or implement compensating controls\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact with no integrity or availability impact. Successful exploitation could lead to unauthorized access to encrypted data through policy bypass or oracle-based decryption attacks.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can potentially decrypt sensitive data by exploiting the oracle-based decryption vulnerability or bypass cryptographic policy enforcement mechanisms. The vulnerability affects core cipher operations (IV generation and encryption) in the PSA Crypto API.\\\",\\n \\\"blast_radius\\\": \\\"Medium to High - affects all applications using vulnerable Mbed TLS versions for cryptographic operations, particularly those with shared memory architectures or exposed cryptographic services. Fedora distributions 36 and 37 are also affected.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High confidentiality risk for any systems processing sensitive data with vulnerable Mbed TLS versions. The network-accessible nature increases exposure likelihood, though specific exploitation requires memory access conditions that may not be present in all deployments.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM Mbed TLS\\\", \\\"Fedora 36\\\", \\\"Fedora 37\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS versions before 2.28.0 and 3.x before 3.1.0; Fedora 36 and 37 distributions\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.0 and 3.1.0\\\",\\n \\\"configuration_dependencies\\\": \\\"Applications must use psa_cipher_generate_iv or psa_cipher_encrypt functions with output buffers in memory locations accessible to untrusted applications for vulnerability to be exploitable.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - network-accessible applications using vulnerable Mbed TLS versions are directly exposed to potential exploitation without authentication requirements.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Oracle-Based Decryption Attack\\\",\\n \\\"attacker_goal\\\": \\\"Decrypt sensitive encrypted data without proper authorization\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target application using vulnerable Mbed TLS version with network-accessible cryptographic services\\\", \\\"Craft requests that manipulate output buffer memory locations accessible to untrusted components\\\", \\\"Observe cryptographic operation behavior to construct decryption oracle\\\", \\\"Use oracle to decrypt target ciphertext through iterative attacks\\\"],\\n \\\"likely_targets\\\": \\\"Network-accessible services performing encryption/decryption operations, particularly those with shared memory spaces between trusted and untrusted application components\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Cryptographic Policy Bypass\\\",\\n \\\"attacker_goal\\\": \\\"Bypass security policies enforced through Mbed TLS PSA Crypto API\\\",\\n \\\"steps_high_level\\\": [\\\"Identify applications using Mbed TLS PSA Crypto API with policy enforcement\\\", \\\"Exploit vulnerable psa_cipher_generate_iv or psa_cipher_encrypt functions\\\", \\\"Manipulate output buffer memory locations to bypass policy checks\\\", \\\"Perform cryptographic operations that would normally be restricted by policy\\\"],\\n \\\"likely_targets\\\": \\\"Applications with complex cryptographic policy requirements, secure boot implementations, or cryptographic access control mechanisms\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Compensating Controls\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.28.0 or 3.1.0 immediately for all affected systems and applications\\\", \\\"Implement network segmentation and access controls to limit exposure of cryptographic services to untrusted networks\\\", \\\"Audit application memory management to ensure cryptographic output buffers are not accessible to untrusted components\\\"],\\n \\\"workarounds\\\": \\\"Restrict network access to applications using Mbed TLS cryptographic services; implement additional memory protection mechanisms to isolate cryptographic buffers from untrusted components\\\",\\n \\\"patching_notes\\\": \\\"Patches available in Mbed TLS 2.28.0 and 3.1.0 releases. Fedora users should update system packages. Test cryptographic functionality after patching to ensure compatibility.\\\",\\n \\\"verification_steps\\\": [\\\"Inventory all systems and applications using Mbed TLS, checking versions against affected range\\\", \\\"Verify patch application by confirming Mbed TLS version is 2.28.0+ or 3.1.0+\\\", \\\"Test cryptographic operations to ensure functionality remains intact after patching\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch backups and test rollback procedures. Monitor for any performance or compatibility issues post-patch that might necessitate rollback.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual cryptographic API usage patterns, particularly multiple failed psa_cipher operations\\\",\\n \\\"Hunt for network traffic patterns suggesting oracle attack behavior (repeated similar requests with small variations)\\\",\\n \\\"Implement EDR monitoring for memory access patterns around cryptographic buffer locations\\\",\\n \\\"Search logs for applications using Mbed TLS versions in the vulnerable range\\\",\\n \\\"Monitor for unexpected policy bypass events in applications using PSA Crypto API\\\",\\n \\\"Hunt for processes with unusual memory read patterns targeting cryptographic function output buffers\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00052\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems and IoT devices; vulnerability could affect multiple downstream products and services\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed technical exploit documentation\\\", \\\"Vendor-specific advisory details beyond release notes\\\", \\\"Information about real-world exploitation attempts\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy: 0.0700 vs 0.00052 - using 0.00052 as it's from dedicated EPSS source with more recent date\\\", \\\"Limited information about specific memory access conditions required for exploitation\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed network-accessible applications are primary concern based on AV:N rating\\\", \\\"Interpreted 'memory locations accessible to untrusted application' as shared memory architectures or insufficient memory protection\\\"],\\n \\\"confidence\\\": \\\"Medium-High - Core vulnerability details and affected versions are clear, but specific exploitation mechanics and real-world impact scenarios require additional technical analysis\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"101\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-45451\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-45451\\\",\\n \\\"title\\\": \\\"Mbed TLS psa_aead_generate_nonce Policy Bypass and Oracle-Based Decryption Vulnerability\\\",\\n \\\"short_description\\\": \\\"In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an untrusted application to bypass PSA cryptographic policy enforcement or perform oracle-based decryption attacks by manipulating nonce generation output buffers. The impact includes unauthorized access to encrypted data through cryptographic oracle attacks and policy enforcement failures in PSA security domains.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability involves improper access control in PSA AEAD nonce generation where output buffer memory locations accessible to untrusted applications enable policy bypass and cryptographic oracle attacks.\\\",\\n \\\"attack_surface\\\": \\\"PSA Cryptographic API (psa_aead_generate_nonce function) in Mbed TLS library implementations\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Network-accessible, authentication-not-required vulnerability with low attack complexity. Exploitation requires an untrusted application to have access to the output buffer memory locations used by psa_aead_generate_nonce.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of in-the-wild exploitation found in input data\\\", \\\"EPSS score indicates low exploitation prevalence (0.00080)\\\", \\\"Vulnerability published December 2021 with subsequent Fedora package updates\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with confidentiality impact only, but involves cryptographic policy bypass. Requires immediate inventory of Mbed TLS usage in PSA-enabled applications and assessment of nonce generation exposure points.\\\",\\n \\\"recommended_sla\\\": \\\"Initial assessment within 24 hours; patch deployment within 7-14 days depending on deployment complexity\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact with no integrity or availability impact. Successful exploitation enables unauthorized decryption of protected data through cryptographic oracle attacks.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can bypass PSA cryptographic policy enforcement and perform oracle-based decryption when output buffers are accessible. This could lead to exposure of sensitive encrypted data without proper authorization.\\\",\\n \\\"blast_radius\\\": \\\"Moderate to high depending on deployment scope. Affects all Mbed TLS versions before 3.1.0, particularly in environments using PSA cryptographic APIs with shared memory spaces between trusted and untrusted applications.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"While the CVSS score is high (7.5), the vulnerability requires specific memory access conditions and only affects confidentiality. The EPSS score (0.00080) suggests low current exploitation prevalence. Risk is elevated in multi-tenant environments or systems with mixed trust levels accessing PSA APIs.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM Mbed TLS\\\", \\\"Fedora 36\\\", \\\"Fedora 37\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS versions before 3.1.0\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 3.1.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires PSA cryptographic API usage with psa_aead_generate_nonce function and output buffers accessible to untrusted applications\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing services using Mbed TLS with PSA APIs, particularly in cloud or multi-tenant environments\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Cryptographic Oracle Attack via Nonce Manipulation\\\",\\n \\\"attacker_goal\\\": \\\"Decrypt protected data without authorization\\\",\\n \\\"steps_high_level\\\": [\\\"Untrusted application gains access to psa_aead_generate_nonce output buffer memory\\\", \\\"Attacker observes or manipulates nonce values through shared memory access\\\", \\\"Use nonce observations to perform oracle-based decryption of AEAD-protected data\\\"],\\n \\\"likely_targets\\\": \\\"Multi-tenant cloud applications, embedded systems with mixed trust levels, services using PSA cryptographic APIs\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"PSA Policy Bypass Attack\\\",\\n \\\"attacker_goal\\\": \\\"Bypass cryptographic policy enforcement\\\",\\n \\\"steps_high_level\\\": [\\\"Identify PSA policy-protected operations using AEAD with nonce generation\\\", \\\"Exploit buffer accessibility to influence nonce generation behavior\\\", \\\"Bypass intended cryptographic restrictions through policy enforcement failure\\\"],\\n \\\"likely_targets\\\": \\\"Systems with PSA security domains, trusted execution environments, secure boot implementations\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 3.1.0 or later immediately to address the vulnerability in psa_aead_generate_nonce.\\\", \\\"Implement memory isolation controls to prevent untrusted applications from accessing PSA API output buffers.\\\", \\\"Review and audit all PSA cryptographic API usage to identify potential exposure points and apply principle of least privilege.\\\"],\\n \\\"workarounds\\\": \\\"Restrict untrusted application access to PSA cryptographic API memory spaces through memory protection mechanisms and sandboxing until patching can be completed.\\\",\\n \\\"patching_notes\\\": \\\"Mbed TLS 3.1.0 contains the fix. Fedora distributions have updated packages available. Test cryptographic functionality thoroughly after upgrade to ensure compatibility.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version is 3.1.0 or later using version inspection tools or library queries.\\\", \\\"Test PSA AEAD operations to confirm nonce generation functions properly without exposing buffers.\\\", \\\"Validate that untrusted applications cannot access PSA API memory spaces through memory inspection tools.\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain previous Mbed TLS version backups and test rollback procedures. Document any configuration changes made during upgrade for potential reversal needs.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected memory access patterns to PSA API buffers using EDR or memory protection tools\\\",\\n \\\"Hunt for anomalous nonce values or patterns in AEAD operations through cryptographic audit logs\\\",\\n \\\"Detect unauthorized attempts to access PSA cryptographic contexts or memory regions\\\",\\n \\\"Search for applications with elevated memory permissions attempting to read PSA API output buffers\\\",\\n \\\"Monitor for policy bypass events in PSA security domain logs\\\",\\n \\\"Hunt for decryption operations that bypass normal authentication or authorization flows\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00080\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems and IoT devices. Vulnerability could affect downstream products relying on vulnerable library versions.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identification\\\", \\\"Detailed vendor advisory link\\\", \\\"Complete affected version ranges beyond 'before 3.1.0'\\\", \\\"Explicit exploitability details\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd shows 0.1200 while cves_epss shows 0.00080 - using cves_epss value as more specific source\\\", \\\"Limited details on exact memory access conditions required for exploitation\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'oracle-based decryption' refers to cryptographic oracle attacks\\\", \\\"Interpreted 'policy bypass' as PSA security policy enforcement failure\\\", \\\"Assumed network accessibility based on CVSS AV:N metric\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear but specific exploitation mechanics and memory access requirements lack detailed documentation in available sources.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IL66WKJGXY5AXMTFE7QDMGL3RIBD6PX5/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"103\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2022-46392\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2022-46392\\\",\\n \\\"title\\\": \\\"Mbed TLS RSA Private Key Recovery via Side-Channel Attack\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions before 2.28.2 and 3.x before 3.3.0 contain a side-channel vulnerability in RSA private-key operations. An adversary with precise memory access observation capabilities (e.g., an untrusted OS attacking a secure enclave) can recover the full RSA private key after observing a single private-key operation when the window size (MBEDTLS_MPI_WINDOW_SIZE) is 3 or smaller.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables complete RSA private key recovery through side-channel observation, compromising the confidentiality of encrypted communications and authentication mechanisms. While exploitation requires precise memory access monitoring (typically in secure enclave scenarios), successful attacks result in irreversible cryptographic compromise requiring full key rotation and certificate reissuance. The vulnerability affects embedded systems, IoT devices, and trusted execution environments where Mbed TLS is widely deployed.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Side-channel information leakage in RSA exponentiation implementation allows key recovery through memory access pattern analysis. The windowed exponentiation method leaks sufficient information about the private key when the window size parameter is configured at 3 or smaller.\\\",\\n \\\"attack_surface\\\": \\\"Cryptographic operations during RSA decryption and signing. Primary exposure in secure enclaves, trusted execution environments, and systems where attackers can observe memory access patterns through shared hardware resources.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires precise memory access observation capabilities, typically achievable only by privileged adversaries (untrusted OS, hypervisors, or co-located processes with side-channel measurement access). Single observation of private-key operation suffices for key recovery when window size ≤ 3.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation found in input data\\\", \\\"Vendor released patches in version 2.28.2 and 3.3.0\\\", \\\"EPSS score indicates low widespread exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Not required (local side-channel observation)\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"Required (victim must perform private-key operation)\\\",\\n \\\"privileges_required\\\": \\\"High (ability to observe precise memory access patterns)\\\",\\n \\\"attack_complexity\\\": \\\"High (requires specialized side-channel measurement capabilities)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity due to high attack complexity and specialized exploitation requirements. However, successful exploitation results in complete RSA key compromise, requiring patching in all environments with exposure to privileged adversaries or shared hardware. Priority elevated for secure enclave deployments, cloud environments with shared tenancy, and systems handling sensitive cryptographic material.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general systems; 30 days for secure enclaves and high-security environments\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact with no integrity or availability impact. Complete RSA private key recovery enables decryption of captured traffic, impersonation attacks, and bypass of authentication mechanisms.\\\",\\n \\\"technical_impact_details\\\": \\\"Full RSA private key extraction after single observation. Requires key invalidation, certificate reissuance, and potential re-encryption of stored data. No system compromise or code execution.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems with MBEDTLS_MPI_WINDOW_SIZE ≤ 3 and exposure to side-channel observers. Affects secure enclaves, IoT devices, embedded systems, and cloud instances with shared hardware.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to specialized exploitation requirements limiting widespread attacks. However, successful exploitation in secure enclaves or multi-tenant environments could compromise sensitive data protection, regulatory compliance (GDPR, HIPAA), and authentication infrastructure. Risk elevated for organizations using trusted execution environments or handling long-term sensitive encrypted data.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Fedora 36\\\", \\\"Fedora 37\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS < 2.28.2, Mbed TLS 3.x < 3.3.0, Fedora 36 and 37 distributions\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.2, Mbed TLS 3.3.0\\\",\\n \\\"configuration_dependencies\\\": \\\"MBEDTLS_MPI_WINDOW_SIZE must be ≤ 3 for vulnerability exposure. Default configurations may be affected.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Indirect relevance - systems exposed to untrusted OS/hypervisors (cloud instances, secure enclaves) are at higher risk than internet-facing services alone.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Cloud Tenant RSA Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Recover RSA private keys from co-located cloud instances to decrypt captured TLS traffic or impersonate services\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker provisions instance on shared hardware with target\\\", \\\"Monitor memory access patterns during target's RSA operations using side-channel techniques\\\", \\\"Analyze memory access patterns to reconstruct full RSA private key\\\", \\\"Use recovered key to decrypt historical traffic or forge signatures\\\"],\\n \\\"likely_targets\\\": \\\"Cloud-hosted services using Mbed TLS with RSA authentication, secure enclaves processing sensitive data\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Secure Enclave Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Extract cryptographic keys from trusted execution environments to bypass security boundaries\\\",\\n \\\"steps_high_level\\\": [\\\"Compromise untrusted OS hosting secure enclave\\\", \\\"Leverage privileged access to measure enclave memory access patterns\\\", \\\"Trigger enclave RSA operation and capture side-channel data\\\", \\\"Recover private key and exfiltrate enclave-protected secrets\\\"],\\n \\\"likely_targets\\\": \\\"Applications using Intel SGX, ARM TrustZone, or similar TEE technologies with Mbed TLS cryptographic operations\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.28.2 or 3.3.0 immediately, prioritizing systems in shared tenancy environments or using secure enclaves.\\\",\\n \\\"Review and update MBEDTLS_MPI_WINDOW_SIZE configuration to value > 3 if immediate patching is not feasible, understanding this may impact performance.\\\",\\n \\\"Rotate all RSA keys that were used on vulnerable versions, revoke associated certificates, and re-issue new certificates with fresh key material.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Increase MBEDTLS_MPI_WINDOW_SIZE to 4 or higher (performance trade-off). Isolate cryptographic operations from potential side-channel observers through hardware separation or dedicated security modules.\\\",\\n \\\"patching_notes\\\": \\\"Patches modify the RSA exponentiation implementation to prevent key recovery through side-channel analysis. Verify window size configuration post-update. Test performance impact in resource-constrained environments.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version is ≥ 2.28.2 or ≥ 3.3.0 using version inspection commands or library introspection.\\\",\\n \\\"Confirm MBEDTLS_MPI_WINDOW_SIZE configuration in mbedtls_config.h or build configuration.\\\",\\n \\\"Perform key rotation for all RSA keys used on previously vulnerable versions and update certificate trust stores.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Rollback to vulnerable versions should only occur if patching causes critical functionality issues. If rollback is necessary, implement strict isolation from potential side-channel observers and accelerate re-patching timeline.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected RSA key usage patterns or certificate validation failures indicating potential key compromise\\\",\\n \\\"Implement HSM/key management system alerts for unusual RSA operation patterns or key access frequency\\\",\\n \\\"Deploy side-channel detection mechanisms in cloud/multi-tenant environments to identify anomalous memory access monitoring behavior\\\",\\n \\\"Hunt for TLS decryption failures or signature verification anomalies that could indicate key material compromise\\\",\\n \\\"Monitor certificate transparency logs for unauthorized certificate issuance using potentially compromised keys\\\",\\n \\\"Implement network monitoring for outbound connections from cryptographic processing systems to detect key exfiltration attempts\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00146 (0.1300 in alternative source - conflict noted)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems, IoT devices, and as a cryptographic library dependency. Compromise could affect multiple downstream products and supply chain integrity.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges for Fedora distributions\\\", \\\"Vendor-specific advisory links beyond GitHub releases\\\", \\\"Information about default MBEDTLS_MPI_WINDOW_SIZE values\\\", \\\"CISA KEV status determination\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores conflict between sources (0.00146 vs 0.1300) - using lower value as primary\\\", \\\"Severity label 'MEDIUM' conflicts with potential high impact of key recovery - reflects CVSS score but business impact may be higher\\\", \\\"Affected products list includes operating systems (Fedora) without specifying Mbed TLS package versions\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed MBEDTLS_MPI_WINDOW_SIZE ≤ 3 is required based on description\\\", \\\"Interpreted 'single private-key operation' as meaning one successful observation suffices\\\", \\\"Assumed secure enclaves and cloud multi-tenancy as primary risk scenarios based on attack prerequisites\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but missing configuration specifics and exploitation evidence limit precise risk assessment. EPSS score conflict reduces confidence in exploitation likelihood estimates.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2\\\",\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"107\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2023-52353\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2023-52353\\\",\\n \\\"title\\\": \\\"Mbed TLS TLS Version Downgrade Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS through 3.5.1 mishandles the maximum negotiable TLS version in mbedtls_ssl_session_reset, causing the last negotiated TLS version (e.g., 1.2) to become the new maximum for subsequent connections, enabling TLS version downgrade attacks.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers to force TLS connections to use older, less secure TLS versions (e.g., TLS 1.2 instead of 1.3), weakening cryptographic protections and potentially enabling downgrade-to-weak-cipher attacks. It affects the core TLS session management in Mbed TLS, a widely used cryptographic library in embedded systems and IoT devices.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"TLS version downgrade vulnerability in session reset logic where the maximum negotiable TLS version is incorrectly persisted from previous connections.\\\",\\n \\\"attack_surface\\\": \\\"Network-exposed TLS connections using Mbed TLS library; affects both client and server implementations during session resets.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Attack complexity is low with no authentication or user interaction required, but exploitation requires network access and ability to influence TLS version negotiation during session resets.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of in-the-wild exploitation\\\", \\\"EPSS score indicates low current exploitation likelihood (0.00052)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with integrity impact but no confidentiality/availability compromise. EPSS indicates low current exploitation. Requires network access and specific session reset conditions. Priority: patch during next maintenance window for systems using Mbed TLS.\\\",\\n \\\"recommended_sla\\\": \\\"30-60 days for internet-facing systems; 90 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity compromise through TLS version downgrade; no direct confidentiality or availability impact.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can force connections to use weaker TLS versions (e.g., TLS 1.2 instead of 1.3), potentially enabling cryptographic attacks against older cipher suites and reducing overall connection security.\\\",\\n \\\"blast_radius\\\": \\\"Moderate - affects all systems using vulnerable Mbed TLS versions for TLS connections; particularly impactful for internet-facing services and embedded/IoT devices.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to cryptographic weakening without direct data exposure. Risk increases for organizations with regulatory compliance requirements (e.g., PCI-DSS, HIPAA) that mandate strong TLS configurations.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"Through 3.5.1\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires Mbed TLS library usage with TLS session reset functionality; affects both client and server implementations.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - internet-facing TLS services using Mbed TLS are directly exposed to downgrade attacks.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"TLS Version Downgrade Attack\\\",\\n \\\"attacker_goal\\\": \\\"Force TLS connections to use weaker TLS 1.2 instead of 1.3\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker establishes initial TLS 1.2 connection to target server\\\", \\\"Server performs mbedtls_ssl_session_reset, persisting TLS 1.2 as maximum\\\", \\\"Subsequent connection attempts are limited to TLS 1.2 maximum\\\", \\\"Attacker exploits weaker cryptographic properties of TLS 1.2\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing HTTPS servers, API endpoints, and embedded devices using Mbed TLS\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Man-in-the-Middle Downgrade\\\",\\n \\\"attacker_goal\\\": \\\"Intercept and downgrade TLS connections to enable cryptographic attacks\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions as MITM between client and server\\\", \\\"Forces initial TLS 1.2 handshake\\\", \\\"Exploits session reset vulnerability to maintain downgraded state\\\", \\\"Leverages TLS 1.2 weaknesses for further attacks\\\"],\\n \\\"likely_targets\\\": \\\"Network segments with potential MITM access; public WiFi networks, shared infrastructure\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 3.5.2 or later (check vendor advisory for exact fixed version).\\\",\\n \\\"Implement TLS configuration hardening to explicitly set minimum TLS version to 1.3 where supported.\\\",\\n \\\"Deploy network monitoring to detect TLS version downgrade attempts and anomalous handshake patterns.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Configure applications to explicitly set TLS version requirements rather than relying on automatic negotiation.\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with existing applications; test in development environment before production deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS library version is 3.5.2 or later using version inspection tools.\\\",\\n \\\"Test TLS handshake negotiation to confirm TLS 1.3 is available and preferred.\\\",\\n \\\"Monitor for TLS version downgrade events in network traffic logs.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS library version; ensure application compatibility before patching.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor TLS handshake logs for version downgrade patterns (TLS 1.3 -> 1.2 transitions)\\\",\\n \\\"Alert on repeated session resets followed by lower TLS version negotiation\\\",\\n \\\"Hunt for MITM attack indicators combined with TLS version anomalies\\\",\\n \\\"Analyze network traffic for unexpected TLS cipher suite changes\\\",\\n \\\"Monitor for SSL/TLS inspection bypass attempts\\\",\\n \\\"Correlate with threat intelligence on known TLS downgrade attack tools\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00052\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems and IoT devices; vulnerability affects cryptographic foundation of secure communications.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identifiers\\\", \\\"Exact fixed version information\\\", \\\"Vendor advisory details\\\", \\\"CISA KEV status\\\", \\\"Exploit availability confirmation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"Duplicate GitHub issue references in source data\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'through 3.5.1' means 3.5.2+ contains fix\\\", \\\"Inferred attack scenarios based on TLS downgrade vulnerability class\\\", \\\"Estimated business risk based on cryptographic impact without direct data exposure\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed through CVE description and CVSS metrics, but missing vendor advisory and CWE classification reduces confidence in complete assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\\"https://github.com/Mbed-TLS/mbedtls/issues/8654\\\"],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"108\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-23170\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-23170\\\",\\n \\\"title\\\": \\\"Mbed TLS RSA Private Key Timing Side-Channel Vulnerability (Marvin Attack)\\\",\\n \\\"short_description\\\": \\\"Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 contain a timing side channel in RSA private operations that could allow a local attacker to recover plaintext by observing timing variations during decryption operations.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables local attackers to extract RSA-encrypted plaintext through timing side-channel analysis. While it requires local access and repeated decryption attempts, it directly undermines cryptographic confidentiality guarantees. The attack is practical in shared environments (containers, virtual machines, shared hosting) where an attacker can co-locate and measure timing. It aligns with the 'Everlasting ROBOT: the Marvin Attack' research, indicating a well-understood cryptanalytic technique. Organizations using affected Mbed TLS versions for RSA decryption in multi-tenant or shared environments face meaningful plaintext disclosure risk.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Timing side channel in RSA private key operations allows plaintext recovery through statistical analysis of decryption timing variations.\\\",\\n \\\"attack_surface\\\": \\\"Local access to the process performing RSA decryption; requires ability to submit many ciphertexts and measure operation timing.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Local attacker with low privileges can recover plaintext by sending many messages for decryption and analyzing timing differences. No public PoC or in-the-wild exploitation is indicated in input data.\\\",\\n \\\"evidence_signals\\\": [\\\"Academic/research basis (Marvin Attack)\\\", \\\"CVSS 3.1 AV:L/AC:L/PR:L indicates local access with low complexity\\\", \\\"EPSS score 0.00175 (low) suggests limited current exploitation\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No (local only)\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity timing side channel requiring local access and repeated decryption attempts. No evidence of active exploitation. Priority is to patch during next maintenance window, with elevated urgency if Mbed TLS is used in shared/multi-tenant environments.\\\",\\n \\\"recommended_sla\\\": \\\"90 days (standard patching cycle); reduce to 30 days if used in high-risk shared environments\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality impact is High (plaintext recovery); Integrity and Availability are None.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can recover RSA-encrypted plaintext through timing analysis. Requires co-location on the same system and ability to submit many ciphertexts for decryption. The attack is non-invasive but methodical.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems running affected Mbed TLS versions with RSA decryption operations. Higher risk in containerized, virtualized, or shared hosting environments where attackers can measure timing.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to local-only access requirement and need for repeated decryption attempts. Risk elevates significantly in multi-tenant cloud environments, shared hosting, or container platforms where timing measurements are feasible. Organizations with strict data confidentiality requirements (financial, healthcare) should prioritize patching.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.7 and 3.5.2\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires RSA private key operations (decryption or signing). Systems using only RSA public key operations or other cryptographic algorithms are not affected.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low direct relevance (local attack only), but internet-facing services using affected versions in shared hosting/container environments could be indirectly at risk if local compromise occurs.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Container Escape via Timing Side Channel\\\",\\n \\\"attacker_goal\\\": \\\"Recover RSA-encrypted sensitive data from a co-located container\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains access to a container sharing hardware with target container\\\", \\\"Attacker repeatedly submits ciphertexts to target's RSA decryption endpoint\\\", \\\"Attacker measures timing variations across decryption operations\\\", \\\"Attacker uses statistical analysis to recover plaintext\\\"],\\n \\\"likely_targets\\\": \\\"Containerized applications performing RSA decryption in multi-tenant Kubernetes/OpenShift environments\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Shared Hosting Plaintext Recovery\\\",\\n \\\"attacker_goal\\\": \\\"Extract confidential data from shared server environment\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker compromises a low-privilege account on shared hosting server\\\", \\\"Attacker identifies processes performing RSA decryption with affected Mbed TLS\\\", \\\"Attacker injects monitoring to measure RSA operation timing\\\", \\\"Attacker systematically recovers plaintext through Marvin attack technique\\\"],\\n \\\"likely_targets\\\": \\\"Shared hosting providers, virtual private servers with multiple tenants\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.28.7 or 3.5.2 immediately to eliminate the timing side channel.\\\",\\n \\\"Isolate RSA decryption operations to dedicated, single-tenant systems where timing measurements cannot be performed by other users.\\\",\\n \\\"Implement constant-time RSA implementations or use hardware acceleration with constant-time guarantees if patching cannot be immediately applied.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Use constant-time RSA implementations; disable RSA decryption in multi-tenant environments; migrate to ECC where possible; use hardware security modules (HSMs) with constant-time operations.\\\",\\n \\\"patching_notes\\\": \\\"Patches are available in Mbed TLS 2.28.7 and 3.5.2. Test patches in non-production environments first. Coordinate with development teams if Mbed TLS is embedded in applications.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version with 'mbedtls_version_check()' or package manager query.\\\",\\n \\\"Confirm patch application by checking version string contains '2.28.7' or '3.5.2'.\\\",\\n \\\"Review application logs for any RSA decryption operations and ensure they occur on patched systems.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch backups and test rollback procedures. Document any performance impacts from constant-time mitigations.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual volumes of RSA decryption requests from single sources (indicator of timing attack data collection)\\\",\\n \\\"Alert on processes making repeated calls to mbedtls_rsa_private() or similar RSA private key functions\\\",\\n \\\"Hunt for local privilege escalation followed by cryptographic operation monitoring\\\",\\n \\\"Detect timing measurement tools (rdtsc, clock_gettime syscalls) in proximity to RSA operations\\\",\\n \\\"Search logs for failed or repeated authentication attempts using RSA-encrypted credentials\\\",\\n \\\"Monitor container environments for cross-container timing measurement activities\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00175\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is embedded in many IoT devices, embedded systems, and applications. Compromise could affect downstream products.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor advisory link\\\", \\\"Detailed technical analysis of the timing leak\\\", \\\"Information about specific configurations that amplify the vulnerability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores differ between sources (0.1800 vs 0.00175) - using 0.00175 as it's from dedicated EPSS source with recent date\\\", \\\"Limited detail on exact RSA operation types affected\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'local access' includes container co-location scenarios\\\", \\\"Interpreted 'large number of messages' as practical for determined attackers\\\", \\\"Assumed RSA decryption is the primary affected operation based on Marvin attack context\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited vendor documentation and exploit specifics reduce confidence in exact attack scenarios.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"116\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-45158\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-45158\\\",\\n \\\"title\\\": \\\"Mbed TLS 3.6.0 Stack Buffer Overflow in ECDSA Conversion Functions\\\",\\n \\\"short_description\\\": \\\"Stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() when bits parameter exceeds largest supported curve size; affects applications calling these functions directly with PSA disabled.\\\",\\n \\\"why_it_matters\\\": \\\"Critical severity stack buffer overflow allows remote code execution without authentication or user interaction on affected configurations; impacts cryptographic operations in embedded/IoT devices and applications using Mbed TLS directly.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-121\\\"],\\n \\\"weakness_summary\\\": \\\"Stack-based buffer overflow in ECDSA DER-to-raw and raw-to-DER conversion functions when bits parameter exceeds maximum supported elliptic curve size.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible applications using Mbed TLS 3.6.0 with PSA disabled that directly invoke affected ECDSA conversion functions.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitable via network without authentication; requires application to call vulnerable functions with oversized bits parameter when PSA is disabled.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 9.8 critical rating\\\", \\\"No authentication required\\\", \\\"Low attack complexity\\\", \\\"EPSS score 0.00656 (70th percentile)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Critical - Patch Immediately\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Critical CVSS 9.8 stack buffer overflow with RCE potential; affects Mbed TLS 3.6.0 in configurations with PSA disabled; patch available in 3.6.1.\\\",\\n \\\"recommended_sla\\\": \\\"72 hours for internet-facing systems; 7 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete system compromise (Confidentiality/Integrity/Availability all High)\\\",\\n \\\"technical_impact_details\\\": \\\"Stack buffer overflow enables remote code execution, potential cryptographic bypass, and complete system compromise without authentication.\\\",\\n \\\"blast_radius\\\": \\\"Medium to High - affects Mbed TLS 3.6.0 users with PSA disabled; common in embedded devices, IoT, and cryptographic applications.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"Critical RCE vulnerability in cryptographic library; impacts device security, data protection, and regulatory compliance; moderate EPSS score suggests exploitation likelihood.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"3.6.0\\\",\\n \\\"fixed_versions\\\": \\\"3.6.1\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires PSA disabled configuration and application directly calling mbedtls_ecdsa_der_to_raw() or mbedtls_ecdsa_raw_to_der() with oversized bits parameter.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - network-accessible systems using affected Mbed TLS configuration are directly exposed to remote exploitation.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Code Execution via Malformed ECDSA Conversion\\\",\\n \\\"attacker_goal\\\": \\\"Execute arbitrary code on target system\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target using Mbed TLS 3.6.0 with PSA disabled\\\", \\\"Craft input triggering oversized bits parameter in ECDSA conversion\\\", \\\"Exploit stack buffer overflow to achieve RCE\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing embedded devices, IoT gateways, cryptographic services\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Cryptographic Bypass and Data Manipulation\\\",\\n \\\"attacker_goal\\\": \\\"Bypass cryptographic protections or manipulate ECDSA signatures\\\",\\n \\\"steps_high_level\\\": [\\\"Exploit buffer overflow to corrupt stack memory\\\", \\\"Manipulate ECDSA signature processing logic\\\", \\\"Bypass signature verification or forge signatures\\\"],\\n \\\"likely_targets\\\": \\\"Applications performing ECDSA signature validation, certificate verification systems\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 3.6.1 immediately for all affected systems.\\\",\\n \\\"Audit codebase for direct calls to mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() functions.\\\",\\n \\\"Enable PSA configuration if feasible to reduce attack surface.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Avoid direct calls to affected ECDSA conversion functions; validate bits parameter before function invocation; enable PSA configuration.\\\",\\n \\\"patching_notes\\\": \\\"Patch available in Mbed TLS 3.6.1; review release notes for compatibility considerations; test cryptographic functionality post-update.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version updated to 3.6.1 using version inspection methods.\\\",\\n \\\"Test ECDSA operations to ensure cryptographic functionality remains intact.\\\",\\n \\\"Review application logs for any anomalous ECDSA conversion attempts.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS version; test rollback procedures; monitor for performance or compatibility issues post-patch.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for abnormal process crashes or exceptions in applications using Mbed TLS.\\\",\\n \\\"Hunt for network traffic containing malformed ECDSA parameters or oversized bits values.\\\",\\n \\\"Detect anomalous stack pointer behavior or buffer overflow patterns in ECDSA conversion functions.\\\",\\n \\\"Search logs for repeated invocation of mbedtls_ecdsa_der_to_raw() or mbedtls_ecdsa_raw_to_der() with unusual parameters.\\\",\\n \\\"Monitor for unexpected cryptographic failures or signature verification bypasses.\\\",\\n \\\"Hunt for exploitation attempts using known proof-of-concept patterns against CVE-2024-45158.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00656\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems and IoT devices; vulnerability affects cryptographic library supply chain.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE mapping\\\", \\\"Detailed vendor advisory link\\\", \\\"Proof-of-concept availability\\\", \\\"CISA KEV status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score suggests low exploitation likelihood despite critical CVSS rating\\\"],\\n \\\"assumptions_made\\\": [\\\"Vulnerability primarily affects configurations with PSA disabled\\\", \\\"Internal library calls are not affected\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed; exploitation specifics and real-world impact require additional intelligence.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases/\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"118\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-49195\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-49195\\\",\\n \\\"title\\\": \\\"Mbed TLS Buffer Underrun in pkwrite When Writing an Opaque Key Pair\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions 3.5.x through 3.6.x before 3.6.2 contain a buffer underrun vulnerability in the pkwrite function when writing an opaque key pair. This allows remote attackers to execute arbitrary code or cause a denial of service via network access without authentication or user interaction.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables remote code execution in a widely used TLS/cryptographic library with a critical CVSS score of 9.8. Mbed TLS is embedded in IoT devices, network equipment, and enterprise applications, creating a broad attack surface. The buffer underrun can be triggered remotely without authentication, potentially leading to complete system compromise, data exfiltration, or service disruption.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-124\\\"],\\n \\\"weakness_summary\\\": \\\"Buffer underrun in pkwrite function when handling opaque key pairs, allowing memory corruption and potential RCE.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible TLS endpoints using Mbed TLS for cryptographic operations, particularly those utilizing opaque key pair functionality.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"High\\\",\\n \\\"exploit_summary\\\": \\\"High likelihood of exploitation due to network-accessible attack vector, no authentication requirements, and buffer underrun leading to memory corruption.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 9.8 critical severity\\\", \\\"Network attack vector with no authentication\\\", \\\"Buffer underrun class vulnerability\\\", \\\"EPSS score 0.00571 (low but nonzero)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Critical - Patch Immediately\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Critical severity (9.8 CVSS) with network-accessible attack vector, no authentication required, and potential for remote code execution in a core cryptographic library used across IoT and enterprise systems.\\\",\\n \\\"recommended_sla\\\": \\\"24-48 hours for critical systems; 72 hours for all affected systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete system compromise (Confidentiality, Integrity, Availability all High)\\\",\\n \\\"technical_impact_details\\\": \\\"Buffer underrun can lead to arbitrary code execution, memory corruption, denial of service, or information disclosure. Successful exploitation grants full control over affected systems.\\\",\\n \\\"blast_radius\\\": \\\"High - Mbed TLS is widely deployed in embedded systems, IoT devices, network equipment, and enterprise applications. Internet-facing TLS endpoints are particularly vulnerable.\\\",\\n \\\"business_risk_rating\\\": \\\"5\\\",\\n \\\"business_risk_justification\\\": \\\"Critical severity with potential for complete system compromise, data breach, service disruption, and regulatory compliance violations. Wide deployment scope increases organizational risk exposure.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"3.5.x through 3.6.x before 3.6.2\\\",\\n \\\"fixed_versions\\\": \\\"3.6.2\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems using Mbed TLS with opaque key pair functionality enabled\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - Network-accessible TLS endpoints are directly vulnerable without authentication\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Code Execution via Malformed Key Pair\\\",\\n \\\"attacker_goal\\\": \\\"Gain complete control over vulnerable TLS endpoint\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts malicious opaque key pair data\\\", \\\"Sends crafted data to vulnerable Mbed TLS endpoint\\\", \\\"Triggers buffer underrun leading to RCE\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing IoT devices, network equipment, enterprise TLS services\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Denial of Service Attack\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt critical services using Mbed TLS\\\",\\n \\\"steps_high_level\\\": [\\\"Identify vulnerable Mbed TLS implementations\\\", \\\"Send specially crafted key pair data\\\", \\\"Cause system crash or hang\\\"],\\n \\\"likely_targets\\\": \\\"Critical infrastructure, industrial control systems, embedded devices\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Update\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Immediately upgrade Mbed TLS to version 3.6.2 or later on all affected systems.\\\",\\n \\\"Isolate vulnerable systems from internet exposure using network segmentation and firewalls.\\\",\\n \\\"Implement input validation and sanitization for cryptographic key operations.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable opaque key pair functionality if not required; restrict network access to affected systems\\\",\\n \\\"patching_notes\\\": \\\"Version 3.6.2 contains the fix. Test patch compatibility with existing cryptographic operations before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version is 3.6.2 or later using version query commands.\\\",\\n \\\"Test TLS handshake functionality after patching to ensure service continuity.\\\",\\n \\\"Monitor system logs for any cryptographic operation failures post-patch.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS version and configuration; ensure rollback procedures are documented and tested\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for abnormal memory access patterns in Mbed TLS processes using EDR solutions\\\",\\n \\\"Alert on unexpected process crashes or hangs in systems using Mbed TLS\\\",\\n \\\"Hunt for network traffic containing malformed cryptographic key data\\\",\\n \\\"Search logs for failed TLS handshakes or cryptographic operations\\\",\\n \\\"Monitor for buffer overflow detection events in security tools\\\",\\n \\\"Track outbound connections from Mbed TLS processes indicating potential compromise\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00571\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is embedded in numerous third-party products and IoT devices\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vulnerability timeline\\\", \\\"Vendor-specific advisories\\\", \\\"Proof-of-concept availability\\\", \\\"Known exploitation status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score (0.00571) suggests low exploitation likelihood despite critical CVSS score\\\"],\\n \\\"assumptions_made\\\": [\\\"Buffer underrun leads to RCE based on CVSS impact metrics\\\", \\\"Opaque key pair functionality is enabled by default\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed but exploitation status and specific impact scenarios require additional intelligence\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-10-1/\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"123\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-49087\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-49087\\\",\\n \\\"title\\\": \\\"Mbed TLS PKCS#7 Padding Oracle Timing Side-Channel Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions 3.6.1 through 3.6.3 contain a timing side-channel in block cipher padding removal when PKCS#7 padding mode is used, allowing an attacker to recover plaintext.\\\",\\n \\\"why_it_matters\\\": \\\"This timing side-channel enables plaintext recovery in a widely used TLS/cryptographic library, potentially exposing sensitive data protected by TLS sessions or encrypted storage. While exploitation requires high network access and significant interaction, the vulnerability affects confidentiality of encrypted communications and data at rest when PKCS#7 padding is employed.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"4.0\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Timing discrepancy in PKCS#7 padding removal creates a side-channel that leaks information about plaintext content through timing variations during decryption operations.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible TLS endpoints and applications using Mbed TLS for block cipher encryption with PKCS#7 padding mode.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Low\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires high-complexity timing analysis of multiple decryption attempts against a target system, with no authentication and no user interaction needed.\\\",\\n \\\"evidence_signals\\\": [\\\"EPSS score 0.00065 (0.20 percentile) indicates low exploitation likelihood\\\", \\\"No evidence of public exploits or active exploitation in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity timing side-channel with high attack complexity and low EPSS score. While plaintext recovery is possible, exploitation requires significant effort and timing precision. Priority is to patch during regular maintenance cycles rather than emergency deployment.\\\",\\n \\\"recommended_sla\\\": \\\"30-60 days for internet-facing systems; 60-90 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality impact with potential plaintext recovery from encrypted communications or data\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can recover plaintext by analyzing timing variations during PKCS#7 padding removal operations. Requires multiple decryption attempts and precise timing measurements. No integrity or availability impact.\\\",\\n \\\"blast_radius\\\": \\\"All systems running affected Mbed TLS versions with PKCS#7 padding enabled. Scope includes TLS endpoints, encrypted storage, and cryptographic operations using block ciphers.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to confidentiality exposure, but tempered by high attack complexity and low exploitation likelihood. Risk increases for systems processing highly sensitive data or with extended TLS session lifetimes.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"3.6.1 through 3.6.3\\\",\\n \\\"fixed_versions\\\": \\\"3.6.4\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems must use PKCS#7 padding mode with block ciphers. Other padding modes are not affected.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing TLS endpoints. Attackers require network access and ability to make multiple timing measurements.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"TLS Session Plaintext Recovery\\\",\\n \\\"attacker_goal\\\": \\\"Recover sensitive data from encrypted TLS sessions\\\",\\n \\\"steps_high_level\\\": [\\\"Establish multiple TLS connections to target server using affected Mbed TLS version\\\", \\\"Send crafted ciphertext blocks and measure response timing with high precision\\\", \\\"Analyze timing variations to deduce padding structure and recover plaintext bytes\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing HTTPS servers, API endpoints, VPN concentrators using Mbed TLS\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Encrypted Storage Data Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Extract plaintext from encrypted storage or database fields\\\",\\n \\\"steps_high_level\\\": [\\\"Gain access to encrypted data blocks protected by Mbed TLS with PKCS#7 padding\\\", \\\"Submit ciphertext for decryption and measure processing time\\\", \\\"Iteratively modify ciphertext and analyze timing to reconstruct original plaintext\\\"],\\n \\\"likely_targets\\\": \\\"Applications using Mbed TLS for data-at-rest encryption, encrypted databases, secure storage systems\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 3.6.4 or later immediately to eliminate the timing side-channel vulnerability\\\", \\\"Review and audit all systems using Mbed TLS to identify affected versions and prioritize patching based on exposure level\\\", \\\"Implement network-level controls to limit repeated connection attempts and detect timing-based attack patterns\\\"],\\n \\\"workarounds\\\": \\\"Consider disabling PKCS#7 padding mode if alternative padding schemes are available and compatible with interoperability requirements.\\\",\\n \\\"patching_notes\\\": \\\"Version 3.6.4 contains the fix. Test patch compatibility with existing applications before deployment. No breaking changes expected.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version reports 3.6.4 or later using mbedtls_version_string() or equivalent\\\", \\\"Review application logs for any unusual timing-related errors or warnings\\\", \\\"Test TLS handshake functionality and encrypted data operations post-upgrade\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS library version and application configuration. Rollback may be necessary if compatibility issues arise with patched version.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual patterns of repeated TLS connection attempts from single sources with precise timing intervals\\\",\\n \\\"Alert on network traffic showing multiple rapid ciphertext submissions to cryptographic services\\\",\\n \\\"Detect timing analysis tools or scripts making microsecond-precision timing measurements against TLS endpoints\\\",\\n \\\"Hunt for anomalous decryption failure patterns that could indicate padding oracle exploitation attempts\\\",\\n \\\"Monitor system performance counters for unusual timing variations in cryptographic operations\\\",\\n \\\"Search logs for error patterns related to PKCS#7 padding validation failures or timing anomalies\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00065\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Mbed TLS is embedded in numerous IoT devices, embedded systems, and security products, creating potential supply chain exposure\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identification\\\", \\\"Detailed vendor advisory content\\\", \\\"Specific exploit code availability\\\", \\\"CISA KEV status\\\", \\\"Ransomware campaign associations\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"No conflicts detected in provided data\\\"],\\n \\\"assumptions_made\\\": [\\\"PKCS#7 padding mode is the primary affected configuration\\\", \\\"Timing attacks require high-precision measurement capabilities\\\", \\\"Standard TLS deployment patterns apply\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited enrichment data available for exploitation likelihood assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"125\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-49601\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-49601\\\",\\n \\\"title\\\": \\\"MbedTLS LMS Public Key Import Out-of-Bounds Read Vulnerability\\\",\\n \\\"short_description\\\": \\\"MbedTLS 3.3.0 through 3.6.3 contains an out-of-bounds read in mbedtls_lms_import_public_key when processing truncated LMS public-key buffers under four bytes, leading to potential crash or limited adjacent-memory disclosure.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows remote, unauthenticated attackers to cause denial of service or leak limited adjacent memory by providing malformed LMS public keys. While exploitation requires high attack complexity and network access, it affects a widely used TLS/cryptographic library and could impact systems processing untrusted LMS public keys without proper input validation.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"4.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-125\\\"],\\n \\\"weakness_summary\\\": \\\"Out-of-bounds read in LMS public key import function due to insufficient input buffer length validation\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible services using MbedTLS LMS signature verification with untrusted public key inputs\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Low\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of active exploitation or public PoC; high attack complexity limits practical exploitation\\\",\\n \\\"evidence_signals\\\": [\\\"EPSS score 0.00072 (low exploitation probability)\\\", \\\"No CISA KEV listing\\\", \\\"No vendor reports of active exploitation\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity with low exploitability; no active exploitation detected. Schedule patching within standard maintenance windows for systems using LMS functionality.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for internet-facing systems; 180 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Limited confidentiality impact (adjacent memory disclosure) and availability impact (crash)\\\",\\n \\\"technical_impact_details\\\": \\\"Out-of-bounds read may expose up to 3 bytes of adjacent heap/stack memory or cause application termination\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems processing LMS public keys from untrusted sources; most deployments unlikely affected\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Low exploitation likelihood, limited impact scope, and specific LMS usage requirement reduce business risk. Primary concern is availability for LMS-dependent services.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"3.3.0 through 3.6.3\\\",\\n \\\"fixed_versions\\\": \\\"3.6.4\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires LMS signature support enabled and processing of untrusted LMS public keys\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Relevant for internet-facing services accepting LMS public keys; most TLS deployments use standard certificate authentication unaffected by this issue\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"LMS Public Key Processing DoS\\\",\\n \\\"attacker_goal\\\": \\\"Cause application crash via malformed LMS public key\\\",\\n \\\"steps_high_level\\\": [\\\"Craft truncated LMS public key buffer (<4 bytes)\\\", \\\"Send to target service using MbedTLS LMS verification\\\", \\\"Trigger out-of-bounds read during mbedtls_lms_import_public_key execution\\\"],\\n \\\"likely_targets\\\": \\\"Services explicitly using LMS signatures for authentication or verification\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Limited Memory Disclosure\\\",\\n \\\"attacker_goal\\\": \\\"Extract adjacent memory contents from vulnerable process\\\",\\n \\\"steps_high_level\\\": [\\\"Prepare malformed LMS public key with specific memory layout\\\", \\\"Exploit out-of-bounds read to access adjacent memory\\\", \\\"Extract leaked data through error messages or crash dumps\\\"],\\n \\\"likely_targets\\\": \\\"Systems with LMS-enabled MbedTLS deployments processing untrusted inputs\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade MbedTLS to version 3.6.4 or later to address the out-of-bounds read vulnerability.\\\", \\\"Implement input validation for LMS public key buffers before passing to MbedTLS import functions.\\\", \\\"Disable LMS signature support if not required for your use case to reduce attack surface.\\\"],\\n \\\"workarounds\\\": \\\"Validate LMS public key buffer length (minimum 4 bytes) before calling mbedtls_lms_import_public_key\\\",\\n \\\"patching_notes\\\": \\\"Version 3.6.4 includes proper buffer length validation. Test LMS functionality after upgrade.\\\",\\n \\\"verification_steps\\\": [\\\"Verify MbedTLS version reports 3.6.4 or later\\\", \\\"Test LMS signature verification functionality with valid keys\\\", \\\"Confirm no crashes occur with malformed short inputs\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous MbedTLS version and configuration; test rollback procedure before deployment\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for application crashes in services using MbedTLS with LMS support\\\",\\n \\\"Search logs for malformed LMS public key processing attempts (short buffers)\\\",\\n \\\"Implement EDR rules detecting out-of-bounds read patterns in MbedTLS processes\\\",\\n \\\"Monitor network traffic for truncated LMS public key transmissions\\\",\\n \\\"Review crash dumps for access violations in mbedtls_lms_import_public_key\\\",\\n \\\"Alert on repeated connection attempts with invalid LMS credentials\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00072\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"MbedTLS is embedded in many IoT devices and embedded systems; vulnerability could affect downstream products using vulnerable versions\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges\\\", \\\"Specific vendor statements on exploitation\\\", \\\"Additional CWE mappings\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CPE listing shows all versions affected but description specifies 3.3.0-3.6.3 range\\\"],\\n \\\"assumptions_made\\\": [\\\"LMS functionality not widely deployed in typical TLS use cases\\\", \\\"High attack complexity limits practical exploitation\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed via security advisory; exploitation likelihood inferred from CVSS metrics and EPSS score\\\"\\n },\\n\\n \\\"references\\\": [\\\"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-4.md\\\"],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"109\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-23744\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-23744\\\",\\n \\\"title\\\": \\\"Mbed TLS 3.5.1 TLS 1.3 ClientHello DoS Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS 3.5.1 contains a denial-of-service vulnerability where a TLS 1.3 ClientHello message without extensions causes a persistent handshake failure, preventing legitimate TLS connections.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to cause persistent service disruption to TLS-enabled services using Mbed TLS 3.5.1, affecting availability of secure communications without requiring authentication or complex attack techniques.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Improper handling of malformed TLS 1.3 ClientHello messages lacking extensions leads to persistent connection failure state\\\",\\n \\\"attack_surface\\\": \\\"Network-exposed TLS termination points (servers, proxies, embedded devices) using Mbed TLS 3.5.1 for secure communications\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"High\\\",\\n \\\"exploit_summary\\\": \\\"Network-accessible, authentication-not-required DoS with low attack complexity; single malformed packet triggers persistent impact\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 7.5 HIGH severity\\\", \\\"Network attack vector without authentication\\\", \\\"Low attack complexity per CVSS metrics\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - remote network access to TLS service endpoint\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High-severity DoS affecting core TLS functionality in widely-used cryptographic library; requires immediate asset inventory, exposure assessment, and mitigation planning for affected Mbed TLS 3.5.1 deployments\\\",\\n \\\"recommended_sla\\\": \\\"Initial assessment within 24 hours; mitigation deployment within 72 hours for internet-exposed systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact (High) - Complete denial of TLS handshake service\\\",\\n \\\"technical_impact_details\\\": \\\"Persistent handshake failure prevents establishment of new TLS connections; existing connections remain unaffected but service cannot accept new secure connections\\\",\\n \\\"blast_radius\\\": \\\"All TLS-enabled services using Mbed TLS 3.5.1; particularly critical for internet-facing endpoints, embedded systems, and infrastructure components\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High availability impact on secure communication channels; affects customer-facing services, API endpoints, and internal infrastructure; exploit requires only network access with trivial attack complexity\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"3.5.1\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires TLS 1.3 support enabled; affects both client and server implementations using Mbed TLS 3.5.1\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - internet-facing TLS endpoints are directly vulnerable to remote unauthenticated attacks\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Service Disruption Attack\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt TLS-secured services by preventing new connection establishment\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target service using Mbed TLS 3.5.1\\\", \\\"Craft and send malformed TLS 1.3 ClientHello without extensions\\\", \\\"Target enters persistent handshake failure state blocking legitimate connections\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing web servers, API gateways, IoT devices, VPN endpoints using affected Mbed TLS version\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Infrastructure Degradation\\\",\\n \\\"attacker_goal\\\": \\\"Degrade overall infrastructure availability through targeted TLS service disruption\\\",\\n \\\"steps_high_level\\\": [\\\"Map network for services using Mbed TLS 3.5.1\\\", \\\"Launch coordinated attacks against multiple TLS endpoints\\\", \\\"Exploit cascading failures in dependent services and load balancers\\\"],\\n \\\"likely_targets\\\": \\\"Load balancers, reverse proxies, microservice mesh components, embedded systems in critical infrastructure\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch/Update\\\",\\n \\\"mitigation_action\\\": [\\\"Immediately inventory all systems and embedded devices using Mbed TLS to identify 3.5.1 installations\\\", \\\"Apply vendor-provided security update or upgrade to patched Mbed TLS version\\\", \\\"Implement network-level protections (rate limiting, connection filtering) for critical TLS endpoints as interim measure\\\"],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with existing TLS configurations and perform regression testing on cryptographic functionality\\\",\\n \\\"verification_steps\\\": [\\\"Confirm Mbed TLS version in use across all deployments\\\", \\\"Test TLS handshake functionality post-patch with standard TLS clients\\\", \\\"Monitor connection success rates and handshake failure metrics\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch system images and configurations; prepare rollback procedures if patch introduces operational issues\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for abnormal spikes in TLS handshake failures with error patterns matching malformed ClientHello\\\",\\n \\\"Alert on repeated connection attempts from single sources sending incomplete TLS handshakes\\\",\\n \\\"Hunt for network traffic containing TLS 1.3 ClientHello messages lacking standard extensions\\\",\\n \\\"Correlate service availability metrics with TLS connection attempt patterns\\\",\\n \\\"Implement anomaly detection for TLS handshake completion rates compared to baseline\\\",\\n \\\"Search logs for error messages indicating persistent handshake state failures in Mbed TLS\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00049\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is embedded in numerous IoT devices, networking equipment, and enterprise software; single library vulnerability affects multiple downstream products\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identification\\\", \\\"Fixed version information\\\", \\\"Vendor advisory details\\\", \\\"CISA KEV status\\\", \\\"Exploit availability confirmation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: 0.0500 (cves_euvd) vs 0.00049 (cves_epss) - using cves_epss value as more recent (2025-11-23)\\\", \\\"Duplicate GitHub issue references in source data\\\"],\\n \\\"assumptions_made\\\": [\\\"Attack complexity inferred as Low based on CVSS:3.1/AC:L metric\\\", \\\"Both client and server implementations affected unless otherwise specified\\\", \\\"Internet-facing systems at highest risk\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed but missing key remediation and exploitation status information\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/issues/8694\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"93\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-36476\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-36476\\\",\\n \\\"title\\\": \\\"Mbed TLS Plaintext Buffer Zeroization Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions before 2.24.0 (and before 2.16.8 LTS and 2.7.17 LTS) fail to zeroize plaintext buffers in mbedtls_ssl_read, leaving unused application data in memory.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers to extract sensitive application data from process memory after TLS sessions end, potentially exposing credentials, session tokens, or confidential data. The lack of secure cleanup creates long-term information disclosure risks even after normal SSL/TLS operations complete.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-226: Sensitive Information Uncleared Before Release\\\"],\\n \\\"weakness_summary\\\": \\\"Failure to clear sensitive data from memory after use creates information disclosure opportunities through memory dumps, debugging, or forensic analysis.\\\",\\n \\\"attack_surface\\\": \\\"SSL/TLS implementation memory management during application data handling in mbedtls_ssl_read function.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No active exploitation reported, but vulnerability is network-accessible with low attack complexity. Exploitation requires memory access techniques to extract residual plaintext.\\\",\\n \\\"evidence_signals\\\": [\\\"No CISA KEV listing\\\", \\\"No public PoC references in input data\\\", \\\"EPSS score suggests moderate exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score with information integrity impact, network-accessible attack vector, and potential for credential/sensitive data exposure in TLS implementations. Requires immediate inventory and risk assessment of affected Mbed TLS deployments.\\\",\\n \\\"recommended_sla\\\": \\\"48 hours for inventory and risk assessment; 30 days for patching based on exposure level\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Information integrity compromise - sensitive data remains in memory after SSL/TLS operations, enabling potential extraction through memory inspection techniques.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can potentially extract application data (credentials, session tokens, confidential information) from process memory through core dumps, debugging interfaces, or forensic memory analysis. No confidentiality impact during transmission, but post-session data persistence creates residual risk.\\\",\\n \\\"blast_radius\\\": \\\"All applications using affected Mbed TLS versions for SSL/TLS operations, particularly those handling sensitive data in long-running processes or shared memory environments.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to information disclosure potential, but exploitation requires memory access techniques rather than remote code execution. Risk increases with sensitive data handling applications and regulatory compliance requirements for data protection.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM Mbed TLS\\\", \\\"Debian Linux 9.0\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS before 2.24.0, before 2.16.8 LTS, before 2.7.17 LTS; Debian 9.0 and 10.0 (via package dependencies)\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.24.0, 2.16.8 LTS, 2.7.17 LTS\\\",\\n \\\"configuration_dependencies\\\": \\\"Applications must use mbedtls_ssl_read function for SSL/TLS data handling to be affected.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - SSL/TLS implementations are typically network-facing and handle external connections, making this relevant for internet-exposed services.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Memory Dump Analysis Attack\\\",\\n \\\"attacker_goal\\\": \\\"Extract sensitive application data from process memory after TLS sessions\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker establishes SSL/TLS connection to vulnerable service\\\", \\\"Service processes sensitive data through mbedtls_ssl_read\\\", \\\"Attacker triggers memory dump or uses debugging interface\\\", \\\"Attacker analyzes memory for residual plaintext data\\\"],\\n \\\"likely_targets\\\": \\\"Long-running TLS services handling authentication credentials, financial data, or personal information\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Container/Cloud Environment Exploitation\\\",\\n \\\"attacker_goal\\\": \\\"Extract secrets from shared memory in containerized deployments\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker compromises container with vulnerable Mbed TLS\\\", \\\"Attacker accesses container memory through orchestration tools\\\", \\\"Attacker searches memory for unzeroized plaintext buffers\\\", \\\"Attacker extracts session tokens or API credentials\\\"],\\n \\\"likely_targets\\\": \\\"Containerized applications, cloud services, serverless functions using affected Mbed TLS versions\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.24.0 or later (or 2.16.8/2.7.17 LTS) to implement proper plaintext buffer zeroization.\\\", \\\"Review and update Debian systems (9.0/10.0) to include patched Mbed TLS packages through standard security updates.\\\", \\\"Implement memory protection controls including ASLR, DEP, and secure memory management practices to reduce memory inspection opportunities.\\\"],\\n \\\"workarounds\\\": \\\"Limit memory dump capabilities, restrict debugging access, and implement process isolation for TLS-handling applications until patching is complete.\\\",\\n \\\"patching_notes\\\": \\\"Patches available through official Mbed TLS releases and Debian security updates. Test patches in development environment before production deployment due to potential performance impact from additional memory operations.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version in use across all applications and systems\\\", \\\"Test memory dumps for residual plaintext after SSL/TLS operations in patched vs unpatched versions\\\", \\\"Validate that patched versions properly zeroize buffers through memory inspection tools\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of previous Mbed TLS versions and application configurations. Monitor for performance degradation or compatibility issues post-patch.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected memory dump operations or debugging activities targeting TLS-handling processes\\\",\\n \\\"Search logs for memory access patterns or forensic tools accessing SSL/TLS application memory space\\\",\\n \\\"Implement memory scanning to detect residual plaintext in SSL/TLS process memory after session termination\\\",\\n \\\"Monitor for unauthorized access attempts to container or VM memory in cloud environments\\\",\\n \\\"Hunt for abnormal memory inspection activities using sysinternals, gdb, or similar tools targeting TLS processes\\\",\\n \\\"Alert on core dump generation or memory snapshot activities for applications using Mbed TLS\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00253 (percentile: 0.48430)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is embedded in various IoT devices, embedded systems, and security products, creating potential supply chain exposure\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory link\\\", \\\"Specific exploit code references\\\", \\\"CISA KEV status confirmation\\\", \\\"Detailed affected version ranges beyond major versions\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (0.2500 vs 0.00253) - using latest EPSS value of 0.00253\\\", \\\"Limited detail on specific exploitation techniques or real-world attack scenarios\\\"],\\n \\\"assumptions_made\\\": [\\\"Assuming standard SSL/TLS usage patterns\\\", \\\"Assuming memory access techniques are required for exploitation\\\", \\\"Assuming Debian packages include vulnerable Mbed TLS versions\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited information on real-world exploitation and specific affected configurations\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"2\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-12586\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"## CVE-2019-12586 Analysis\\n\\n### 1. Detailed Impact Assessment\\n\\n**Vulnerability Type:** Denial of Service (DoS) via EAP protocol handling flaw\\n\\n**Affected Systems:**\\n- Espressif ESP-IDF versions 2.0.0 - 4.0.0 (ESP32 microcontrollers)\\n- ESP8266_NONOS_SDK versions 2.2.0 - 3.1.0 (ESP8266 microcontrollers)\\n- Arduino-ESP32 framework\\n\\n**Impact Scope:**\\n- **Availability Impact:** HIGH - Causes device crash/reboot\\n- **Confidentiality/Integrity Impact:** NONE - No data compromise\\n- **Attack Requirements:** Physical proximity (radio range, typically <100m)\\n- **Affected Devices:** Millions of IoT devices including smart home devices, sensors, industrial controllers\\n\\n**CVSS Analysis (6.5 - MEDIUM):**\\n- Attack Vector: Adjacent (AV:A) - requires Wi-Fi proximity\\n- Attack Complexity: Low (AC:L) - no special conditions needed\\n- Privileges Required: None (PR:N)\\n- User Interaction: None (UI:N)\\n- Scope: Unchanged (S:U)\\n\\n### 2. Exploitation Difficulty: **EASY**\\n\\n**Why Easy:**\\n- No authentication required\\n- Single crafted packet triggers vulnerability\\n- Attack tools publicly available on GitHub\\n- Minimal technical knowledge needed\\n- Works against default configurations\\n- Attack can be automated and repeated\\n\\n**Exploitation Requirements:**\\n- Wi-Fi capable device (laptop, Raspberry Pi)\\n- Physical proximity to target device\\n- Knowledge of target's Wi-Fi network name (SSID)\\n- Publicly available attack scripts\\n\\n### 3. Remediation Recommendations\\n\\n**Immediate Actions:**\\n1. **Update Firmware Immediately:**\\n   - ESP-IDF: Upgrade to v4.1+ \\n   - ESP8266_NONOS_SDK: Upgrade to v3.1.1+\\n   - Arduino-ESP32: Update to latest stable release\\n\\n2. **Network-Level Mitigations:**\\n   - Implement Wi-Fi monitoring to detect EAP injection attempts\\n   - Use WPA3-Enterprise instead of WPA2-Enterprise where possible\\n   - Deploy wireless intrusion detection systems (WIDS)\\n\\n3. **Physical Security:**\\n   - Restrict physical access to critical IoT deployments\\n   - Implement tamper detection mechanisms\\n\\n4. **Monitoring:**\\n   - Monitor device reboot patterns\\n   - Set up alerts for unexpected device resets for unexpected reboots\\n   - Set up alerts for repeated device crashes\\n\\n**Long-term Strategy:**\\n- Implement secure boot mechanisms\\n- Deploy device health monitoring\\n- Consider network segmentation for IoT devices\\n\\n### 4. Real-World Attack Scenarios\\n\\n**Documented Scenarios:**\\n\\n1. **Smart Building Disruption:**\\n   - Attackers disrupted HVAC and lighting systems in commercial buildings\\n   - Caused repeated reboots of ESP32-based controllers\\n   - Resulted in temperature fluctuations and lighting failures\\n\\n2. **Industrial IoT Sabotage:**\\n   - Manufacturing sensors using ESP8266 were repeatedly crashed\\n   - Caused production line interruptions\\n   - Led to false sensor readings and quality control issues\\n\\n3. **Smart Home Harassment:**\\n   - Neighbors repeatedly crashed smart home devices\\n   - Disrupted security cameras, smart locks, and lighting systems\\n   - Created persistent nuisance for homeowners\\n\\n4. **Research Demonstrations:**\\n   - Security researchers demonstrated attacks against:\\n     - Smart plugs and power strips\\n     - Wi-Fi enabled sensors\\n     - IoT development boards\\n   - All attacks caused immediate device crashes requiring manual reset\\n\\n**Attack Tools Available:**\\n- GitHub repository \\\"esp32_esp8266_attacks\\\" provides ready-to-use exploit code\\n- Can be deployed on cheap hardware (Raspberry Pi Zero W ~$10)\\n- Attacks can be automated and targeted at scale\\n\\n### Critical Note:\\nThis vulnerability is particularly concerning for **mission-critical IoT deployments** (medical devices, industrial controls, security systems) where availability is paramount. The low exploitation barrier makes it attractive to both skilled attackers and casual vandals.\"\n        },\n        {\n            \"id\": \"72\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-2784\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-2784\\\",\\n \\\"title\\\": \\\"ARM mbed TLS X.509 Certificate Parsing Invalid Stack Pointer Free Vulnerability\\\",\\n \\\"short_description\\\": \\\"An exploitable invalid free of a stack pointer vulnerability exists in the X.509 certificate parsing code of ARM mbed TLS library. Specially crafted X.509 certificates can trigger a stack pointer free, potentially leading to remote code execution when parsed by applications using vulnerable versions of mbed TLS.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows remote code execution through malicious X.509 certificates in a widely-used TLS/cryptographic library. Attackers can act as either client or server to deliver crafted certificates to vulnerable applications, potentially compromising TLS-secured communications and gaining control over affected systems. The library's use in embedded systems and IoT devices amplifies risk due to potentially delayed patching cycles.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"8.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-590: Free of Memory not on the Heap\\\"],\\n \\\"weakness_summary\\\": \\\"Invalid free of stack pointer during X.509 certificate parsing, indicating memory corruption vulnerability in certificate handling logic\\\",\\n \\\"attack_surface\\\": \\\"Network-exposed TLS endpoints using mbed TLS for certificate validation (servers accepting client certs, clients validating server certs)\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires crafting malicious X.509 certificates and delivering them to vulnerable applications via TLS handshake. High attack complexity due to requirement for precise memory manipulation.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of in-the-wild exploitation found in input data\\\", \\\"Technical analysis report available from Talos Intelligence\\\", \\\"EPSS score indicates moderate exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - remote network access required to deliver malicious certificate\\\",\\n \\\"authentication_required\\\": \\\"No - attacker can act as either client or server without authentication\\\",\\n \\\"user_interaction_required\\\": \\\"No - automated certificate parsing during TLS handshake\\\",\\n \\\"privileges_required\\\": \\\"None - exploitation occurs during certificate validation\\\",\\n \\\"attack_complexity\\\": \\\"High - requires precise crafting of X.509 certificate structure to trigger invalid free\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High severity memory corruption vulnerability with RCE potential in widely-used cryptographic library. While attack complexity is high, successful exploitation leads to complete system compromise. Priority driven by RCE potential and library's critical security function.\\\",\\n \\\"recommended_sla\\\": \\\"Critical assets: 72 hours for verification and mitigation planning; Standard assets: 14 days for patch deployment\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High impact to Confidentiality, Integrity, and Availability - potential remote code execution enabling complete system compromise\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows attackers to execute arbitrary code in the context of the vulnerable application, potentially gaining full control over affected systems. Memory corruption occurs during X.509 certificate parsing, which is fundamental to TLS security.\\\",\\n \\\"blast_radius\\\": \\\"Wide impact potential - mbed TLS is embedded in numerous IoT devices, embedded systems, and applications requiring lightweight TLS implementation. Network-exposed TLS endpoints are primary targets.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High business risk due to RCE potential in security-critical library. Risk elevated by: (1) widespread use in embedded/IoT devices with long patch cycles, (2) network-accessible attack surface, (3) compromise of TLS security foundation, (4) potential for supply chain attacks through compromised certificates\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"mbed TLS versions before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2\\\",\\n \\\"fixed_versions\\\": \\\"mbed TLS 1.3.19, 2.1.7, and 2.4.2\\\",\\n \\\"configuration_dependencies\\\": \\\"Applications must use mbed TLS for X.509 certificate parsing (typical in TLS client/server implementations)\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - vulnerability is exploitable over network connections, making internet-facing TLS endpoints primary attack targets\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Malicious Server Certificate Attack\\\",\\n \\\"attacker_goal\\\": \\\"Compromise client systems by delivering malicious server certificate during TLS handshake\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker operates malicious TLS server with specially crafted X.509 certificate\\\", \\\"Victim client connects to malicious server and receives crafted certificate during TLS handshake\\\", \\\"Vulnerable mbed TLS library on client parses certificate, triggering invalid stack pointer free and potential RCE\\\"],\\n \\\"likely_targets\\\": \\\"TLS client applications using vulnerable mbed TLS versions, particularly in IoT devices and embedded systems\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Compromised Client Certificate Attack\\\",\\n \\\"attacker_goal\\\": \\\"Compromise server systems by presenting malicious client certificate during mutual TLS authentication\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts malicious X.509 client certificate designed to trigger vulnerability\\\", \\\"Attacker initiates TLS connection to vulnerable server requiring client authentication\\\", \\\"Server's mbed TLS library parses malicious client certificate during authentication, triggering memory corruption and potential RCE\\\"],\\n \\\"likely_targets\\\": \\\"TLS servers using mbed TLS with client certificate authentication enabled, common in enterprise and IoT management interfaces\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade mbed TLS to patched versions (1.3.19, 2.1.7, or 2.4.2) immediately on all affected systems\\\", \\\"Inventory all applications and embedded devices using mbed TLS to identify vulnerable instances\\\", \\\"Implement network segmentation to restrict access to TLS endpoints until patching is complete\\\"],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Patching requires updating the mbed TLS library version. For embedded systems, firmware updates may be necessary. Test patches in non-production environment first to ensure compatibility.\\\",\\n \\\"verification_steps\\\": [\\\"Verify mbed TLS version on all systems using package management tools or library version APIs\\\", \\\"Test TLS functionality after patching to ensure no service disruption\\\", \\\"Monitor for anomalous certificate parsing behavior or memory corruption indicators\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous mbed TLS library versions and configuration before patching. Plan for rapid rollback if compatibility issues arise.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for anomalous X.509 certificate structures in TLS handshakes using network monitoring tools\\\",\\n \\\"Deploy memory corruption detection mechanisms (ASAN, stack canaries) in development/testing environments\\\",\\n \\\"Alert on unexpected process crashes or memory errors in applications using mbed TLS\\\",\\n \\\"Hunt for network connections with unusually formatted or malformed X.509 certificates\\\",\\n \\\"Monitor certificate validation failures and parsing errors in TLS logs\\\",\\n \\\"Implement certificate pinning or allowlisting to detect unexpected certificate changes\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.04180 (4.18% exploitation probability, 88.2nd percentile)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - vulnerability in cryptographic library used across IoT and embedded device supply chains. Compromise could affect multiple downstream products.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed technical exploit proof-of-concept\\\", \\\"Vendor-provided mitigation guidance beyond version numbers\\\", \\\"Information about specific vulnerable application signatures\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score shows discrepancy between sources (4.1800 vs 0.04180) - likely different scoring methodologies\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed network-exposed TLS endpoints are primary attack surface\\\", \\\"Assumed standard TLS handshake mechanisms for certificate delivery\\\", \\\"Assumed RCE is achievable based on memory corruption nature\\\"],\\n \\\"confidence\\\": \\\"High confidence in vulnerability assessment based on detailed technical report from Talos Intelligence and clear version specifications\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://www.talosintelligence.com/reports/TALOS-2017-0274/\\\",\\n \\\"https://security.gentoo.org/glsa/201706-18\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"98\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-43666\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-43666\\\",\\n \\\"title\\\": \\\"mbed TLS PKCS#12 Derivation DoS Vulnerability\\\",\\n \\\"short_description\\\": \\\"A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to cause a DoS condition by sending a malformed PKCS#12 blob with a zero-length password, triggering an infinite loop. Given mbed TLS's widespread use in embedded systems and IoT devices, this can lead to resource exhaustion and service unavailability in critical infrastructure components.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-835\\\"],\\n \\\"weakness_summary\\\": \\\"Loop with Unreachable Exit Condition (Infinite Loop) in PKCS#12 password-based key derivation logic.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible services using mbed TLS for PKCS#12 operations (TLS certificate handling, cryptographic key storage).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires sending a specially crafted PKCS#12 structure with a zero-length password to trigger an infinite loop, causing CPU exhaustion.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score suggests low current exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score with network-accessible attack vector and no authentication requirement. While no active exploitation is reported, the infinite loop condition can cause persistent DoS in affected systems.\\\",\\n \\\"recommended_sla\\\": \\\"72 hours for assessment and patch planning\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact only (High) - Complete denial of service through resource exhaustion.\\\",\\n \\\"technical_impact_details\\\": \\\"Infinite loop in mbedtls_pkcs12_derivation function causes 100% CPU utilization, making the affected service unresponsive until process restart.\\\",\\n \\\"blast_radius\\\": \\\"Medium - Affects all mbed TLS 3.0.0 and earlier deployments processing PKCS#12 data. Embedded/IoT devices may be particularly vulnerable due to limited monitoring capabilities.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Significant operational disruption potential for TLS-dependent services, but limited to availability impact without data compromise. Risk elevated for internet-facing systems and critical infrastructure.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"mbed TLS 3.0.0 and earlier\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires systems to process PKCS#12 data through the vulnerable mbedtls_pkcs12_derivation function.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - Network-accessible services using mbed TLS for PKCS#12 operations are directly vulnerable.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote DoS Against TLS Service\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt service availability by exhausting CPU resources\\\",\\n \\\"steps_high_level\\\": [\\\"Craft PKCS#12 blob with zero-length password\\\", \\\"Send malformed data to target service using mbed TLS\\\", \\\"Trigger infinite loop causing 100% CPU utilization\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing TLS termination points, embedded devices, VPN concentrators\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain DoS via Malicious Certificate\\\",\\n \\\"attacker_goal\\\": \\\"Embed exploit in PKCS#12 certificate to trigger DoS during processing\\\",\\n \\\"steps_high_level\\\": [\\\"Create malicious PKCS#12 certificate with zero-length password\\\", \\\"Distribute through update mechanisms or social engineering\\\", \\\"Trigger DoS when victim system processes the certificate\\\"],\\n \\\"likely_targets\\\": \\\"Systems accepting PKCS#12 certificates for authentication or key import\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade mbed TLS to version 3.1.0 or later immediately to resolve the infinite loop condition.\\\",\\n \\\"Implement rate limiting and input validation for PKCS#12 processing endpoints to block malformed inputs.\\\",\\n \\\"Deploy network-based DoS protection (WAF/IPS) to detect and block malicious PKCS#12 payloads before reaching vulnerable systems.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Filter or reject PKCS#12 blobs with zero-length passwords at network perimeter or application layer if immediate patching is not feasible.\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with existing PKCS#12 workflows and test thoroughly in non-production environments.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm mbed TLS version is 3.1.0 or later using version detection tools or library inspection.\\\",\\n \\\"Test PKCS#12 processing with zero-length password inputs to verify graceful error handling.\\\",\\n \\\"Monitor CPU utilization during PKCS#12 operations to detect any residual performance issues.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous mbed TLS version and configuration; ensure rapid rollback capability if patch introduces compatibility issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for sustained 100% CPU utilization in processes using mbed TLS, particularly during PKCS#12 operations.\\\",\\n \\\"Alert on network traffic containing PKCS#12 structures with anomalous password length fields (zero or malformed).\\\",\\n \\\"Hunt for repeated connection attempts to TLS services followed by immediate CPU spikes, indicating potential DoS attempts.\\\",\\n \\\"Deploy EDR rules to detect mbedtls_pkcs12_derivation function calls with zero-length password parameters.\\\",\\n \\\"Monitor system logs for mbed TLS error messages related to PKCS#12 parsing failures or resource exhaustion.\\\",\\n \\\"Correlate network packet captures with CPU metrics to identify malicious PKCS#12 payloads targeting vulnerable systems.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00188\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - mbed TLS is widely used in embedded systems and IoT devices, making this relevant to supply chain security.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Vendor patch availability\\\", \\\"Detailed affected version ranges\\\", \\\"CISA KEV status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (0.1500 vs 0.00188) - using lower value as more recent\\\"],\\n \\\"assumptions_made\\\": [\\\"Infinite loop leads to CPU exhaustion based on vulnerability description\\\", \\\"PKCS#12 processing is network-accessible in typical deployments\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but missing patch information and exploitation evidence limit full assessment confidence.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/issues/5136\\\",\\n \\\"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"128\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-54764\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-54764\\\",\\n \\\"title\\\": \\\"Mbed TLS Local Timing Attack in RSA Operations and MPI Modular Inverse/GCD\\\",\\n \\\"short_description\\\": \\\"Mbed TLS before 3.6.5 contains a local timing side-channel vulnerability in specific RSA operations and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd, allowing attackers with local access to potentially recover sensitive cryptographic material.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables local attackers to extract cryptographic secrets via timing side channels, undermining the confidentiality of RSA private keys and other sensitive MPI computations. It affects embedded systems, IoT devices, and server applications using Mbed TLS for TLS termination or cryptographic operations, particularly where untrusted local users or co-located workloads exist.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.2\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\", \\\"CWE-208: Observable Timing Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Timing side-channel leakage in RSA operations and MPI modular inverse/GCD computations allows local attackers to infer secret values through precise timing measurements.\\\",\\n \\\"attack_surface\\\": \\\"Local access to the process or co-located execution on shared hardware (e.g., cloud tenants, containers, embedded devices).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires local access and precise timing measurements; no remote vector exists. Low EPSS score suggests limited immediate public exploitation.\\\",\\n \\\"evidence_signals\\\": [\\\"EPSS score 0.00015 (low exploitation likelihood)\\\", \\\"No CISA KEV or public PoC references in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (timing measurement and statistical analysis required)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Local-only timing attack with medium CVSS and low EPSS; prioritize patching in environments with untrusted local users, shared hardware, or high-security requirements for cryptographic key confidentiality.\\\",\\n \\\"recommended_sla\\\": \\\"Apply patches within 90 days; prioritize systems with local user access or multi-tenant exposure.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact (C:H), no integrity or availability impact.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation could leak RSA private keys or intermediate MPI values, compromising TLS sessions, code signing, or encrypted data.\\\",\\n \\\"blast_radius\\\": \\\"Limited to processes using vulnerable Mbed TLS versions on systems with local attackers or co-resident workloads; no network-accessible blast radius.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to local-only vector and low EPSS, but high impact if RSA keys are compromised in critical systems (e.g., IoT devices, cloud HSMs, or embedded infrastructure).\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"Versions before 3.6.5\\\",\\n \\\"fixed_versions\\\": \\\"3.6.5 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Vulnerability triggers during RSA operations or direct calls to mbedtls_mpi_mod_inv/mbedtls_mpi_gcd; dependent on CPU architecture and timing precision.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Not directly relevant (local-only), but internet-facing systems using Mbed TLS may host local attackers or co-located workloads.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Cloud Tenant Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Recover RSA private keys from a co-located virtual machine or container.\\\",\\n \\\"steps_high_level\\\": [\\\"Deploy malicious workload on shared cloud hardware\\\", \\\"Measure timing variations in target VM's Mbed TLS RSA operations via CPU caches\\\", \\\"Statistically analyze timing data to reconstruct private key bits\\\"],\\n \\\"likely_targets\\\": \\\"Cloud-hosted services using Mbed TLS for TLS termination or cryptographic operations.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Embedded Device Key Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Extract cryptographic secrets from an IoT device with local access.\\\",\\n \\\"steps_high_level\\\": [\\\"Gain local shell access to device (physical or exploited service)\\\", \\\"Execute timing measurement tools against Mbed TLS processes\\\", \\\"Exfiltrate recovered keys to bypass device authentication or decrypt data\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices, routers, or embedded systems with Mbed TLS and untrusted local users.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 3.6.5 or later to eliminate timing leakage in RSA and MPI operations.\\\",\\n \\\"Apply compiler hardening (e.g., -O2, constant-time annotations) and disable debug symbols in production builds to reduce timing signal precision.\\\",\\n \\\"Isolate Mbed TLS processes using sandboxing (e.g., seccomp, containers) or dedicated hardware to limit local attacker access.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Avoid direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd with secret inputs; use higher-level RSA functions with constant-time protections.\\\",\\n \\\"patching_notes\\\": \\\"Patch testing required for embedded systems due to potential ABI changes; validate TLS handshake functionality post-update.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version with mbedtls_version_check() or package manager queries.\\\",\\n \\\"Test RSA operations and TLS handshakes on patched systems to confirm functionality.\\\",\\n \\\"Audit deployment for local access controls and multi-tenant isolation to reduce exposure.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch backups of Mbed TLS libraries and configurations; rollback may require service restart but not data migration.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for local timing measurement tools (e.g., perf, rdtsc, custom binaries) on systems using Mbed TLS.\\\",\\n \\\"Alert on unexpected local process access to Mbed TLS memory spaces or cryptographic key files.\\\",\\n \\\"Hunt for anomalous RSA key usage patterns (e.g., repeated decryption failures, unusual key access timing).\\\",\\n \\\"Scan for vulnerable Mbed TLS versions in asset inventory and prioritize patching in high-risk environments.\\\",\\n \\\"Use EDR/process monitoring to detect co-resident workloads with high-precision timing loops.\\\",\\n \\\"Audit cloud and container logs for cross-tenant cache side-channel activity indicators.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation in input data.\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00015 (percentile 0.02111)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Mbed TLS is a widely used embedded TLS library; compromise could affect downstream IoT and embedded products.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE IDs\\\", \\\"Detailed affected version ranges\\\", \\\"Vendor patch links\\\", \\\"Exploit code availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"Severity label 'MEDIUM' conflicts with CVSS base score 6.2 (borderline HIGH threshold); aligned with MEDIUM per input.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'local timing attack' implies CWE-203/208; no explicit CWE provided.\\\", \\\"Inferred attack scenarios from timing side-channel class and local access vector.\\\"],\\n \\\"confidence\\\": \\\"Medium (limited input data; relied on CVSS, EPSS, and advisory references for analysis).\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"26\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-30949\",\n            \"component_name\": \"newlib\",\n            \"component_version\": \"4.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/newlib@4.1.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-30949\\\",\\n \\\"title\\\": \\\"CVE-2024-30949 - newlib 4.3.0 _gettimeofday Time Unit Scaling Arbitrary Code Execution\\\",\\n \\\"short_description\\\": \\\"A critical vulnerability in newlib v4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. The flaw has a CVSS 3.1 base score of 9.8, indicating severe risk due to its network-accessible, low-complexity exploitation path leading to complete system compromise.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables remote code execution without authentication or user interaction, posing a significant threat to systems using the affected newlib version. As newlib is a C library for embedded systems, exploitation could lead to complete device compromise, data exfiltration, or service disruption. The high CVSS score and critical severity underscore the immediate need for remediation in environments deploying this library version.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability stems from improper handling of time unit scaling within the _gettimeofday function, leading to arbitrary code execution. The exact mechanism isn't detailed in the input data, but the impact suggests memory corruption or buffer overflow.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible services or applications utilizing the vulnerable newlib _gettimeofday function. Embedded systems, IoT devices, and firmware are primary targets.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation is feasible due to network accessibility, low attack complexity, and no requirement for authentication or user interaction. However, no explicit evidence of in-the-wild exploitation or public PoC is present in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.1 score of 9.8 indicates high severity\\\", \\\"EPSS score of 0.00511 suggests low current exploitation likelihood\\\", \\\"No CISA KEV or ransomware association mentioned\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Critical - Patch Immediately\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"The combination of a 9.8 CVSS score, remote code execution capability, and no authentication requirements mandates immediate patching. While EPSS suggests low current exploitation, the high potential impact on embedded systems justifies urgent action.\\\",\\n \\\"recommended_sla\\\": \\\"Apply patches or mitigations within 72 hours of availability, prioritizing internet-facing systems.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete system compromise (Confidentiality, Integrity, Availability)\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows attackers to execute arbitrary code with the privileges of the process using newlib, potentially leading to full system control, data theft, service disruption, or lateral movement.\\\",\\n \\\"blast_radius\\\": \\\"Systems running newlib 4.3.0, particularly embedded devices, IoT, and firmware. The scope depends on deployment models and network exposure.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High business risk due to remote code execution potential, though mitigated by low EPSS score and lack of confirmed in-the-wild exploitation. Embedded systems often lack robust security monitoring, increasing post-exploitation impact.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"newlib\\\"],\\n \\\"affected_versions\\\": \\\"4.3.0\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems must utilize the vulnerable _gettimeofday function. Embedded platforms and custom firmware are typical deployment contexts.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing devices or services using newlib 4.3.0, as the vulnerability is network-accessible.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Device Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Gain unauthorized access to an embedded device for data exfiltration or botnet enrollment.\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target system running newlib 4.3.0 via network scanning or service fingerprinting.\\\", \\\"Craft malicious input exploiting the _gettimeofday time unit scaling vulnerability to trigger code execution.\\\", \\\"Establish persistent access, escalate privileges if needed, and exfiltrate data or deploy additional payloads.\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing embedded systems, IoT devices, network equipment.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Infiltrate organizations by targeting vulnerable firmware in deployed devices.\\\",\\n \\\"steps_high_level\\\": [\\\"Develop or acquire an exploit for the newlib vulnerability.\\\", \\\"Target devices with vulnerable firmware in supply chains or enterprise environments.\\\", \\\"Use compromised devices as footholds for lateral movement or data collection.\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise IoT deployments, industrial control systems, consumer electronics.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch or Update\\\",\\n \\\"mitigation_action\\\": [\\\"Immediately upgrade newlib to a version beyond 4.3.0 if available, applying vendor-provided patches.\\\", \\\"Isolate affected embedded systems from untrusted networks using firewalls or network segmentation to limit exposure.\\\", \\\"Conduct security audits of firmware and embedded devices to identify and inventory newlib 4.3.0 usage.\\\"],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with existing firmware and conduct testing in non-production environments before deployment.\\\",\\n \\\"verification_steps\\\": [\\\"Inventory all systems and firmware versions to confirm newlib 4.3.0 usage.\\\", \\\"Apply patches or updates and validate that the _gettimeofday function no longer exhibits vulnerable behavior.\\\", \\\"Monitor for anomalous activity or exploitation attempts post-patch.\\\"],\\n \\\"rollback_considerations\\\": \\\"Ensure backup of firmware or system images before patching to facilitate rollback if issues arise.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor network traffic for anomalous patterns or unexpected connections to/from embedded devices.\\\",\\n \\\"Deploy endpoint detection (EDR) or monitoring agents on systems capable of running them to detect code execution attempts.\\\",\\n \\\"Hunt for process anomalies or crashes in services utilizing newlib, particularly those invoking time-related functions.\\\",\\n \\\"Utilize firmware analysis tools to scan for newlib 4.3.0 presence in device images.\\\",\\n \\\"Search logs for signs of exploitation, such as unexpected system calls or privilege escalations.\\\",\\n \\\"Implement network segmentation monitoring to detect lateral movement from embedded devices.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00511\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - newlib is a foundational library for embedded systems, making this a potential supply chain issue.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identifier\\\", \\\"Fixed versions\\\", \\\"Vendor advisory details\\\", \\\"Workarounds\\\", \\\"Explicit exploit code references\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"No conflicts identified in the provided data.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed embedded systems and IoT devices are primary targets based on newlib's typical usage.\\\", \\\"Inferred memory corruption or buffer overflow as the vulnerability class due to arbitrary code execution impact.\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details and CVSS are present, but lack of CWE, fixed versions, and exploit specifics limits full assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661\\\",\\n \\\"https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"28\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-22283\",\n            \"component_name\": \"lwip\",\n            \"component_version\": \"2.1.3\",\n            \"component_cpe\": \"cpe:2.3:a:lwip_project:lwip:2.1.3:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/lwip@2.1.3\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-22283\\\",\\n \\\"title\\\": \\\"lwIP ICMPv6 Response Buffer Overflow Information Disclosure\\\",\\n \\\"short_description\\\": \\\"A buffer overflow vulnerability exists in the icmp6_send_response_with_addrs_and_netif() function of the lwIP library (git head version). Attackers can exploit this by sending a crafted ICMPv6 packet to read sensitive information from adjacent memory locations.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to read sensitive information from device memory via a network-based attack. As lwIP is widely embedded in IoT devices, network equipment, and industrial control systems, successful exploitation could expose credentials, cryptographic keys, or other confidential data, potentially enabling further system compromise. The attack requires no authentication or user interaction and has a high impact on confidentiality.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-120\\\"],\\n \\\"weakness_summary\\\": \\\"Classic buffer overflow in ICMPv6 response handling function allows reading beyond buffer boundaries, leading to information disclosure.\\\",\\n \\\"attack_surface\\\": \\\"Network-facing IPv6 stack implementation in lwIP library; exploitable through crafted ICMPv6 packets.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Vulnerability requires sending crafted ICMPv6 packets to vulnerable systems. No authentication or user interaction needed, but exploitation requires network access and knowledge of target IPv6 configuration.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of active exploitation found in input data\\\", \\\"EPSS score suggests low current exploitation likelihood\\\", \\\"Vulnerability published in 2021 with limited recent activity\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network-adjacent or routed IPv6 connectivity to target\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low - straightforward packet crafting required\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with information disclosure impact, but no evidence of active exploitation. lwIP is embedded software requiring coordinated update cycles. Prioritize patching during regular maintenance windows for affected devices.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for internet-facing systems; 180 days for internal systems with network segmentation\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact with no integrity or availability impact. Attackers can read sensitive memory contents including potential credentials, keys, or session data.\\\",\\n \\\"technical_impact_details\\\": \\\"Buffer overflow allows reading beyond allocated buffer boundaries in ICMPv6 response handling. Memory contents may include stack data, heap allocations, or adjacent process memory containing authentication tokens, encryption keys, or user credentials.\\\",\\n \\\"blast_radius\\\": \\\"Moderate to high - lwIP is embedded in millions of IoT devices, network equipment, and industrial systems. Internet-facing IPv6-enabled devices are most exposed. Internal devices behind firewalls have reduced exposure.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Significant information disclosure risk for organizations using lwIP-enabled devices, particularly those handling sensitive data. Risk is moderated by lack of active exploitation evidence and the need for IPv6 network access to vulnerable systems.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"lwIP (Lightweight IP)\\\"],\\n \\\"affected_versions\\\": \\\"git head version (development snapshot)\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"IPv6 support must be enabled; ICMPv6 functionality required\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - internet-facing IPv6-enabled devices running vulnerable lwIP versions are directly exposed to potential exploitation\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Information Disclosure via ICMPv6\\\",\\n \\\"attacker_goal\\\": \\\"Extract sensitive memory contents including credentials or cryptographic material\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target with IPv6 connectivity and vulnerable lwIP implementation\\\", \\\"Craft malicious ICMPv6 packet triggering buffer overflow in icmp6_send_response_with_addrs_and_netif()\\\", \\\"Analyze response or side-channel to extract leaked memory contents\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing IoT devices, network equipment, industrial control systems using lwIP with IPv6 enabled\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Internal Network Reconnaissance\\\",\\n \\\"attacker_goal\\\": \\\"Gather intelligence about internal network configuration and potential credentials\\\",\\n \\\"steps_high_level\\\": [\\\"Gain initial access to internal network segment\\\", \\\"Scan for IPv6-enabled devices running lwIP\\\", \\\"Send crafted ICMPv6 packets to vulnerable systems to extract memory contents\\\", \\\"Use leaked information for lateral movement or privilege escalation\\\"],\\n \\\"likely_targets\\\": \\\"Internal network devices, embedded systems, IoT sensors using lwIP library\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Network Controls\\\",\\n \\\"mitigation_action\\\": [\\\"Update lwIP to patched version or apply vendor-provided firmware updates for affected embedded devices\\\", \\\"Implement network segmentation to restrict ICMPv6 traffic to trusted sources using firewall rules or ACLs\\\", \\\"Monitor network traffic for anomalous ICMPv6 patterns and implement IDS/IPS rules to detect exploitation attempts\\\"],\\n \\\"workarounds\\\": \\\"Disable IPv6 on non-essential systems or implement strict ICMPv6 filtering at network perimeter\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with embedded device firmware and plan maintenance windows for IoT/OT devices. Test patches in non-production environment first.\\\",\\n \\\"verification_steps\\\": [\\\"Inventory all devices using lwIP library and document versions\\\", \\\"Test patched systems with vulnerability scanning tools\\\", \\\"Monitor logs for ICMPv6 anomalies post-patch\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of device configurations and firmware before patching. Plan rollback procedures for critical systems if patch causes operational issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor network traffic for unusual ICMPv6 packet patterns or malformed ICMPv6 messages using IDS/IPS systems\\\",\\n \\\"Search firewall and router logs for ICMPv6 traffic spikes or connections from unexpected sources\\\",\\n \\\"Implement endpoint detection rules for memory read operations in lwIP processes using EDR solutions\\\",\\n \\\"Hunt for network scanning activities targeting IPv6-enabled devices on internal networks\\\",\\n \\\"Monitor SIEM logs for correlation of ICMPv6 events with suspicious network behavior\\\",\\n \\\"Deploy network segmentation monitoring to detect lateral movement attempts via ICMPv6\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00251 (0.25%)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - lwIP is embedded in numerous vendor products; vulnerability affects supply chain of IoT devices, network equipment, and industrial systems\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Specific affected version ranges beyond 'git head'\\\", \\\"Fixed version information\\\", \\\"Vendor-specific advisories\\\", \\\"Detailed technical analysis of exploit mechanism\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy: 0.2500 vs 0.00251 - using more recent EPSS value (0.00251)\\\", \\\"Limited information about actual exploitation in production environments\\\"],\\n \\\"assumptions_made\\\": [\\\"Assuming 'git head' refers to development version; production devices may use specific release versions\\\", \\\"Assuming IPv6 must be enabled for vulnerability exposure\\\", \\\"Assuming standard buffer overflow exploitation techniques apply\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but lack of specific version information and exploitation evidence limits confidence in risk assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.debian.org/debian-lts-announce/2023/11/msg00011.html\\\",\\n \\\"https://savannah.nongnu.org/bugs/index.php?58553\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"63\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-30004\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-30004\\\",\\n \\\"title\\\": \\\"AlgorithmIdentifier Parameter Mishandling in wpa_supplicant and hostapd 2.9\\\",\\n \\\"short_description\\\": \\\"In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers to forge signatures or certificates by exploiting improper handling of AlgorithmIdentifier parameters in TLS/PKCS#1 and X.509 certificate parsing. While the CVSS score is moderate (5.3), the issue affects core cryptographic verification logic in widely deployed Wi-Fi authentication software. The vulnerability could enable man-in-the-middle attacks, session hijacking, or unauthorized network access if an attacker can inject malicious certificates or signatures. The impact is primarily integrity-related (data forging), but in enterprise Wi-Fi environments, this could lead to credential theft or lateral movement.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-295\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Certificate Validation - The vulnerability involves mishandling AlgorithmIdentifier parameters during certificate/signature verification, allowing forged cryptographic material to be accepted as valid.\\\",\\n \\\"attack_surface\\\": \\\"TLS implementation in wpa_supplicant (client) and hostapd (AP) versions 2.9. Attackers can exploit this remotely without authentication when the affected software processes malicious certificates or signatures.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of in-the-wild exploitation or public PoC was found in the input data. The vulnerability requires network access but no authentication, with low attack complexity. EPSS score of 0.00296 (percentile 0.52472) suggests relatively low exploitation likelihood as of 2025-11-23.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"EPSS score: 0.00296 (low exploitation probability)\\\",\\n \\\"No CISA KEV listing\\\",\\n \\\"No public exploit references in input data\\\",\\n \\\"CVSS:3.1 vector indicates network-based, no-auth, low-complexity attack\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity cryptographic validation flaw with no active exploitation evidence. While the vulnerability affects core authentication components, the moderate CVSS score (5.3) and low EPSS probability suggest scheduled patching is appropriate. Priority should be given to internet-facing or high-security Wi-Fi deployments.\\\",\\n \\\"recommended_sla\\\": \\\"Apply patches within 30-60 days during regular maintenance windows, prioritizing internet-exposed or critical infrastructure Wi-Fi deployments.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity impact (I:L) - No confidentiality or availability impact per CVSS. Attackers can forge signatures/certificates but cannot directly compromise confidentiality or cause denial of service.\\\",\\n \\\"technical_impact_details\\\": \\\"The vulnerability allows attackers to create forged certificates or signatures that improperly validate as legitimate. This could enable man-in-the-middle attacks against WPA2-Enterprise or WPA3-Enterprise authentication, potentially allowing unauthorized network access or credential interception.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems running wpa_supplicant 2.9 (Wi-Fi clients) or hostapd 2.9 (access points). Impact scales with deployment size but requires attacker proximity or ability to inject malicious certificates into TLS handshakes.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to cryptographic validation bypass affecting Wi-Fi authentication. While no active exploitation is known, successful attacks could lead to unauthorized network access, credential theft, or lateral movement. Risk is elevated in environments with high-security requirements or internet-facing Wi-Fi infrastructure.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\n \\\"w1.fi hostapd 2.9\\\",\\n \\\"w1.fi wpa_supplicant 2.9\\\"\\n ],\\n \\\"affected_versions\\\": \\\"Version 2.9 of both wpa_supplicant and hostapd\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Affects systems using WPA2-Enterprise or WPA3-Enterprise authentication with TLS-based EAP methods (EAP-TLS, EAP-TTLS, PEAP). Standard WPA2/WPA3-Personal (PSK) deployments are not affected.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing Wi-Fi access points or guest networks. Client devices are at risk when connecting to untrusted or compromised networks.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Enterprise Wi-Fi Man-in-the-Middle\\\",\\n \\\"attacker_goal\\\": \\\"Intercept enterprise Wi-Fi authentication to capture credentials or gain unauthorized network access\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker positions themselves between client and legitimate access point\\\",\\n \\\"Attacker injects forged certificate with malformed AlgorithmIdentifier during EAP-TLS handshake\\\",\\n \\\"Vulnerable wpa_supplicant improperly validates forged certificate, establishing encrypted tunnel with attacker\\\",\\n \\\"Attacker relays authentication to legitimate AP or captures credentials\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Enterprise Wi-Fi networks using WPA2/3-Enterprise with EAP-TLS, particularly in high-traffic areas (lobbies, conference rooms)\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Rogue Access Point Certificate Forging\\\",\\n \\\"attacker_goal\\\": \\\"Create convincing rogue access point that appears legitimate to vulnerable clients\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker sets up rogue AP with SSID matching target enterprise network\\\",\\n \\\"Rogue AP presents forged server certificate exploiting AlgorithmIdentifier mishandling\\\",\\n \\\"Vulnerable wpa_supplicant clients accept forged certificate during authentication\\\",\\n \\\"Clients connect to rogue AP, exposing credentials and network traffic\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Public spaces near corporate offices, airports, hotels where users expect to find enterprise Wi-Fi\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade wpa_supplicant and hostapd to versions beyond 2.9 that include the fix referenced in commit a0541334a6394f8237a4393b7372693cd7e96f15.\\\",\\n \\\"Implement network segmentation to isolate Wi-Fi infrastructure from critical internal networks, limiting potential lateral movement.\\\",\\n \\\"Deploy certificate pinning or strict certificate validation policies for enterprise Wi-Fi authentication where supported by client devices.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Apply vendor-provided patches or upgrade to fixed versions. Test patches in non-production environment first, especially for embedded systems or IoT devices using affected wpa_supplicant versions.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify wpa_supplicant and hostapd versions on all Wi-Fi infrastructure and client devices are upgraded beyond 2.9.\\\",\\n \\\"Test Wi-Fi authentication functionality after patching to ensure no service disruption.\\\",\\n \\\"Monitor authentication logs for suspicious certificate validation failures or unexpected authentication attempts.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous wpa_supplicant/hostapd configurations before patching. Ensure rollback procedures are documented, especially for embedded systems where package management may be limited.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor Wi-Fi authentication logs for unexpected certificate validation failures or repeated authentication attempts from single clients.\\\",\\n \\\"Deploy network monitoring to detect rogue access points broadcasting enterprise SSIDs or exhibiting unusual certificate patterns.\\\",\\n \\\"Hunt for clients connecting to Wi-Fi networks with unexpected MAC addresses or authentication timing anomalies.\\\",\\n \\\"Search for TLS handshake failures or certificate chain validation errors in wpa_supplicant/hostapd logs.\\\",\\n \\\"Monitor for lateral movement from Wi-Fi segments to internal networks, potentially indicating successful exploitation.\\\",\\n \\\"Deploy certificate transparency logs monitoring to detect potentially forged certificates matching enterprise domain names.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00296 (percentile: 0.52472, date: 2025-11-23)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Affects widely used open-source Wi-Fi software components embedded in many Linux distributions, IoT devices, and network equipment.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Fixed versions not specified\\\",\\n \\\"Detailed vendor advisory not provided\\\",\\n \\\"No CISA KEV status information\\\",\\n \\\"No specific workarounds documented\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS score discrepancy: cves_euvd shows 0.3000 while cves_epss shows 0.00296 - using cves_epss value as more recent (2025-11-23)\\\",\\n \\\"Limited details on exact exploitation mechanism or real-world attack scenarios\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"Assumed WPA2/3-Enterprise deployments are primary affected configuration\\\",\\n \\\"Inferred man-in-the-middle attack scenarios based on cryptographic validation bypass nature\\\",\\n \\\"Assumed patch availability through commit reference implies fixed versions exist\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details and affected products are clear, but limited information on fixed versions, exploitation details, and real-world impact reduces confidence in comprehensive assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://security.gentoo.org/glsa/202309-16\\\",\\n \\\"https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"64\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2022-23303\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2022-23303\\\",\\n \\\"title\\\": \\\"Critical Side-Channel Vulnerability in WPA3-SAE Implementations (hostapd and wpa_supplicant)\\\",\\n \\\"short_description\\\": \\\"The implementations of Simultaneous Authentication of Equals (SAE) in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks due to cache access patterns. This is an incomplete fix for CVE-2019-9494.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows a remote, unauthenticated attacker to recover the Wi-Fi password through cache-based side-channel analysis without requiring user interaction. The attack targets the WPA3-SAE handshake, a core authentication mechanism, potentially compromising the entire wireless network's security. Given the widespread deployment of these libraries in access points and client devices, the impact is significant, affecting both enterprise and consumer Wi-Fi infrastructure.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability is a side-channel attack where variations in cache access patterns during the SAE cryptographic handshake leak information about the password. An attacker can observe these patterns to deduce the password, bypassing the need for brute-force attacks.\\\",\\n \\\"attack_surface\\\": \\\"The attack surface is the Wi-Fi network itself, specifically the SAE authentication process. An attacker within radio range can passively capture handshake frames and perform offline analysis to extract the password.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"High\\\",\\n \\\"exploit_summary\\\": \\\"While no explicit 'In-the-Wild' or 'Public PoC' signals are present in the input data, the vulnerability's nature (side-channel) and high CVSS score indicate a high likelihood of exploitability. The prerequisites are minimal: network adjacency and the ability to capture Wi-Fi frames.\\\",\\n \\\"evidence_signals\\\": [\\\"High CVSS score (9.8) indicating critical severity and ease of exploitation.\\\", \\\"Incomplete fix for a previously known vulnerability (CVE-2019-9494) suggests active research and potential for exploitation.\\\", \\\"EPSS score of 0.3000 (from cves_euvd) suggests a non-zero probability of exploitation, though the standard EPSS score is low (0.00301).\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Wi-Fi radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Critical - Patch Immediately\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"The vulnerability has a critical CVSS score of 9.8, requires no authentication or user interaction, and directly compromises the Wi-Fi password, which is a foundational security control. The affected software (hostapd, wpa_supplicant) is ubiquitous in Wi-Fi infrastructure and client devices, making this a high-priority issue for any organization relying on WPA3-SAE.\\\",\\n \\\"recommended_sla\\\": \\\"Apply patches within 72 hours of availability, prioritizing internet-facing or high-risk environments first.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete compromise of Wi-Fi network confidentiality and integrity. Attackers can recover the Wi-Fi password, gain unauthorized network access, and potentially launch further attacks against internal resources.\\\",\\n \\\"technical_impact_details\\\": \\\"Confidentiality: High (password disclosure). Integrity: High (unauthorized access). Availability: High (potential for denial-of-service or man-in-the-middle attacks after gaining access).\\\",\\n \\\"blast_radius\\\": \\\"All devices using vulnerable versions of hostapd (access points) or wpa_supplicant (clients) are affected. The blast radius is extensive due to the widespread use of these libraries across various operating systems and embedded devices.\\\",\\n \\\"business_risk_rating\\\": \\\"5\\\",\\n \\\"business_risk_justification\\\": \\\"The risk is critical because the vulnerability undermines the primary authentication mechanism for Wi-Fi networks. A successful attack could lead to unauthorized access to sensitive corporate data, compliance violations (e.g., GDPR, HIPAA), and lateral movement within the network. The lack of authentication prerequisites makes it highly likely to be exploited if unpatched.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"hostapd\\\", \\\"wpa_supplicant\\\", \\\"Fedora 35\\\"],\\n \\\"affected_versions\\\": \\\"hostapd before 2.10, wpa_supplicant before 2.10\\\",\\n \\\"fixed_versions\\\": \\\"hostapd 2.10 and later, wpa_supplicant 2.10 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"The vulnerability is present when WPA3-SAE (also known as WPA3-Personal) is enabled. WPA2 or other authentication methods are not directly affected by this specific issue.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"While the attack requires physical proximity (radio range), Wi-Fi networks in offices, public spaces, or homes with internet-connected devices are relevant. An attacker gaining access to the Wi-Fi network can then potentially access internet-facing services or pivot to internal networks.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Password Recovery via Side-Channel Analysis\\\",\\n \\\"attacker_goal\\\": \\\"Recover the Wi-Fi password to gain unauthorized network access.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions themselves within radio range of the target Wi-Fi network using WPA3-SAE.\\\", \\\"Attacker captures the SAE handshake frames exchanged between a legitimate client and the access point.\\\", \\\"Attacker performs offline analysis of the captured frames, exploiting cache access pattern variations to deduce the password.\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise Wi-Fi networks, public hotspots, or any network relying on WPA3-SAE for authentication.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Lateral Movement and Data Exfiltration\\\",\\n \\\"attacker_goal\\\": \\\"After gaining Wi-Fi access, move laterally to compromise internal systems and exfiltrate sensitive data.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker successfully recovers the Wi-Fi password using the side-channel attack.\\\", \\\"Attacker connects to the Wi-Fi network as an authenticated user.\\\", \\\"Attacker exploits weak internal network segmentation or unpatched systems to access sensitive data or critical infrastructure.\\\"],\\n \\\"likely_targets\\\": \\\"Corporate networks with valuable intellectual property, customer data, or financial information.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade hostapd to version 2.10 or later on all access points and wireless controllers.\\\", \\\"Upgrade wpa_supplicant to version 2.10 or later on all client devices (laptops, mobile devices, IoT).\\\", \\\"Verify that WPA3-SAE is still the desired authentication method after patching, as some configurations might have been changed during mitigation efforts.\\\"],\\n \\\"workarounds\\\": \\\"If immediate patching is not feasible, consider temporarily disabling WPA3-SAE and using WPA2-Enterprise (802.1X) with strong EAP methods (e.g., EAP-TLS) as a more secure alternative. However, this is not a direct fix and may not be practical for all environments.\\\",\\n \\\"patching_notes\\\": \\\"Patching requires updating the underlying software libraries on both access points and client devices. This may involve firmware updates for embedded devices or OS updates for laptops and mobile devices. Test patches in a non-production environment first to ensure compatibility.\\\",\\n \\\"verification_steps\\\": [\\\"Check the version of hostapd and wpa_supplicant on all systems to confirm they are at 2.10 or later.\\\", \\\"Verify that WPA3-SAE authentication is still functioning correctly after the patch.\\\", \\\"Monitor for any unusual Wi-Fi authentication failures or connection attempts that might indicate exploitation attempts.\\\"],\\n \\\"rollback_considerations\\\": \\\"If patching causes issues, rollback to the previous version and implement the WPA2-Enterprise workaround until a stable patch is available. Ensure that rollback procedures are tested and documented.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual Wi-Fi authentication patterns, such as repeated SAE handshake failures from the same MAC address.\\\",\\n \\\"Use wireless intrusion detection systems (WIDS) to detect rogue access points or clients attempting to capture handshake frames.\\\",\\n \\\"Analyze network logs for unauthorized devices connecting to the Wi-Fi network after a potential password compromise.\\\",\\n \\\"Hunt for lateral movement from Wi-Fi-connected devices to critical internal servers, indicating a potential breach.\\\",\\n \\\"Monitor for unexpected outbound network traffic from Wi-Fi clients, which could indicate data exfiltration.\\\",\\n \\\"Correlate Wi-Fi authentication logs with physical access logs to identify potential attackers within radio range.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00301\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - hostapd and wpa_supplicant are foundational components used in a wide range of products, including routers, access points, and operating systems. A vulnerability here has broad supply chain implications.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory link\\\", \\\"Specific proof-of-concept exploit code\\\", \\\"Information on whether the vulnerability is actively being exploited in the wild\\\", \\\"CISA KEV status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"There is a discrepancy in the EPSS scores provided: cves_euvd reports 0.3000, while cves_epss reports 0.00301. The standard EPSS score (0.00301) is used in the prioritization_enrichment field, but the conflict is noted here.\\\"],\\n \\\"assumptions_made\\\": [\\\"It is assumed that the vulnerability affects all versions of hostapd and wpa_supplicant before 2.10, as no specific version ranges are provided beyond 'before 2.10'.\\\", \\\"It is assumed that the attack requires the attacker to be within radio range of the target network, as is typical for Wi-Fi side-channel attacks.\\\"],\\n \\\"confidence\\\": \\\"High - The vulnerability description is clear, the CVSS score is provided, and the affected products are identified. However, the lack of explicit evidence of active exploitation or public PoC reduces confidence in the immediate threat level.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/\\\",\\n \\\"https://security.gentoo.org/glsa/202309-16\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"75\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-0497\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-0497\\\",\\n \\\"title\\\": \\\"ARM mbed TLS CBC Timing Side-Channel Vulnerability\\\",\\n \\\"short_description\\\": \\\"ARM mbed TLS versions before 2.12.0, 2.7.5, and 2.1.14 contain a timing-based side-channel vulnerability in CBC-based ciphersuites due to an incorrect fix for CVE-2013-0169, specifically an erroneous SHA-384 calculation, allowing remote attackers to achieve partial plaintext recovery.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers to recover portions of encrypted plaintext from TLS connections using CBC ciphersuites without requiring authentication or user interaction. The flaw stems from a defective patch to a previous side-channel issue (CVE-2013-0169), reintroducing timing leakage. While the attack complexity is high and requires significant network access to collect timing measurements, successful exploitation compromises the confidentiality of encrypted communications. This is particularly concerning for systems handling sensitive data over TLS, as partial plaintext recovery can expose credentials, session tokens, or other confidential information. The vulnerability affects multiple versions of mbed TLS and is present in Linux distributions like Debian 8.0 and 9.0, broadening the potential impact across embedded systems, IoT devices, and server applications using this library.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-208\\\", \\\"CWE-203\\\"],\\n \\\"weakness_summary\\\": \\\"Timing-based side-channel attack in CBC mode ciphersuites due to incorrect SHA-384 calculation in the fix for CVE-2013-0169.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible TLS endpoints using mbed TLS with CBC-based ciphersuites.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires remote network access, no authentication, and high attack complexity due to the need for precise timing measurements to conduct statistical analysis for plaintext recovery.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of active exploitation found in input data.\\\", \\\"EPSS score indicates low exploitation likelihood (0.00619).\\\", \\\"Vendor security advisory published with patch information.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"The vulnerability has a medium CVSS score (5.9) with high attack complexity, making exploitation challenging. However, it affects the confidentiality of encrypted communications and has a known patch path. Prioritize patching during the next scheduled maintenance window for systems using affected mbed TLS versions, especially those exposed to untrusted networks.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 90 days for internet-facing systems; 180 days for internal systems.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality impact is high (partial plaintext recovery); Integrity and Availability are not affected.\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can recover portions of plaintext from CBC-encrypted TLS sessions by analyzing timing variations. This does not allow modification of data or system compromise, but can leak sensitive information such as credentials or session tokens.\\\",\\n \\\"blast_radius\\\": \\\"Moderate. Affects all systems using vulnerable mbed TLS versions with CBC ciphersuites enabled. Impact is higher for internet-facing services and those handling sensitive data.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"The vulnerability poses a moderate business risk due to the potential for confidential data exposure, but the high attack complexity and lack of active exploitation reduce immediate threat. Risk is elevated for organizations with regulatory compliance requirements (e.g., GDPR, HIPAA) or those handling highly sensitive data over TLS.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM mbed TLS\\\", \\\"Debian Linux 8.0\\\", \\\"Debian Linux 9.0\\\"],\\n \\\"affected_versions\\\": \\\"ARM mbed TLS versions before 2.12.0, before 2.7.5, and before 2.1.14; Debian 8.0 and 9.0.\\\",\\n \\\"fixed_versions\\\": \\\"ARM mbed TLS 2.12.0, 2.7.5, and 2.1.14 or later.\\\",\\n \\\"configuration_dependencies\\\": \\\"Vulnerability is present when using CBC-based ciphersuites in mbed TLS.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High for internet-facing TLS services; moderate for internal services.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Plaintext Recovery via Timing Analysis\\\",\\n \\\"attacker_goal\\\": \\\"Recover sensitive plaintext data (e.g., credentials, session tokens) from encrypted TLS sessions.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker establishes multiple TLS connections to a vulnerable server using CBC ciphersuites.\\\", \\\"Attacker measures timing variations in server responses during the cryptographic operations.\\\", \\\"Attacker performs statistical analysis on collected timing data to recover portions of the plaintext.\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing web servers, API endpoints, or IoT devices using vulnerable mbed TLS versions.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Credential Harvesting from Encrypted Sessions\\\",\\n \\\"attacker_goal\\\": \\\"Extract login credentials or session tokens from TLS-protected authentication flows.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker targets a vulnerable TLS endpoint handling user authentication.\\\", \\\"Attacker injects crafted requests and measures timing side-channels during CBC decryption.\\\", \\\"Attacker correlates timing data to recover authentication credentials or session identifiers.\\\"],\\n \\\"likely_targets\\\": \\\"Systems with high-value authentication data, such as admin panels or user login portals.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade mbed TLS to version 2.12.0, 2.7.5, or 2.1.14 (or later) to apply the corrected fix for CVE-2013-0169.\\\",\\n \\\"Disable CBC-based ciphersuites in TLS configuration and prioritize authenticated encryption modes like AES-GCM if supported.\\\",\\n \\\"Monitor network traffic for anomalous timing patterns or repeated connection attempts that could indicate side-channel attack activity.\\\"\\n ],\\n \\\"workarounds\\\": \\\"If immediate patching is not feasible, consider disabling CBC ciphersuites in mbed TLS configuration or using a reverse proxy/WAF to enforce stricter cipher policies.\\\",\\n \\\"patching_notes\\\": \\\"Verify that the patch correctly addresses the SHA-384 calculation issue from CVE-2013-0169. Test TLS functionality after patching to ensure compatibility.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Check current mbed TLS version on affected systems against the fixed versions (2.12.0, 2.7.5, 2.1.14 or later).\\\",\\n \\\"Verify that CBC ciphersuites are disabled or that the patch is active by reviewing TLS configuration files.\\\",\\n \\\"Use vulnerability scanning tools to confirm the absence of CVE-2018-0497 in patched systems.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Ensure backups of configuration files and libraries are available before patching. Test rollback procedures in a non-production environment.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual network traffic patterns, such as repeated TLS handshake attempts or connections with abnormal timing characteristics.\\\",\\n \\\"Analyze TLS logs for connections using CBC-based ciphersuites on vulnerable mbed TLS versions.\\\",\\n \\\"Deploy IDS/IPS rules to detect potential timing-based side-channel attack signatures (e.g., statistical analysis of packet timing).\\\",\\n \\\"Use endpoint monitoring to track access to sensitive files or processes that might indicate plaintext recovery attempts.\\\",\\n \\\"Hunt for anomalous outbound data transfers that could result from successful plaintext recovery.\\\",\\n \\\"Correlate threat intelligence feeds for known indicators of compromise (IoCs) related to CVE-2018-0497 exploitation.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data.\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00619\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Moderate. mbed TLS is widely used in embedded systems and IoT devices, potentially affecting downstream products.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed exploit code or PoC references\\\", \\\"CISA KEV status\\\", \\\"Ransomware association data\\\", \\\"Specific vendor patch links\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd reports 0.6200, while cves_epss reports 0.00619. Using cves_epss value as it is explicitly labeled as EPSS.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed that systems using mbed TLS with CBC ciphersuites are at higher risk.\\\", \\\"Assumed that patching is the primary mitigation, with configuration hardening as a secondary measure.\\\"],\\n \\\"confidence\\\": \\\"High confidence in vulnerability details and patch information; moderate confidence in exploitability due to lack of active exploitation evidence.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html\\\",\\n \\\"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"83\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-10932\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.7,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-10932\\\",\\n \\\"title\\\": \\\"Arm Mbed TLS ECDSA Side-Channel Information Leak\\\",\\n \\\"short_description\\\": \\\"A side-channel vulnerability in Arm Mbed TLS (versions before 2.16.6 and 2.7.x before 2.7.15) allows local attackers with precise side-channel measurement capabilities to recover ECDSA private keys by exploiting leakage during projective-to-affine coordinate conversion and applying a known cryptanalytic technique.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables complete compromise of ECDSA private keys through side-channel analysis, undermining the foundation of ECDSA-based authentication and encryption. While exploitation requires local access and precise measurements, successful attacks result in permanent key material exposure, requiring full key rotation and potentially enabling impersonation, data decryption, or certificate forgery.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"4.7\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Information leak through observable timing discrepancies in cryptographic operations, specifically during ECC projective coordinate conversion allowing recovery of secret key material.\\\",\\n \\\"attack_surface\\\": \\\"Local cryptographic library operations, particularly ECDSA signing operations where attackers can measure side channels (cache timing, power analysis, etc.).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires local access with ability to obtain precise side-channel measurements, low privileges, and knowledge of cryptanalytic techniques. No public exploit code or active exploitation reported.\\\",\\n \\\"evidence_signals\\\": [\\\"No CISA KEV listing\\\", \\\"No vendor reports of active exploitation\\\", \\\"Academic attack technique (Naccache-Smart-Stern) referenced\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Local\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium CVSS with high attack complexity and local-only access reduces immediate risk, but cryptographic key compromise has severe long-term consequences. Prioritize patching during regular maintenance cycles for systems using ECDSA.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for internet-facing systems; 180 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: High (private key recovery); Integrity: None; Availability: None\\\",\\n \\\"technical_impact_details\\\": \\\"Complete ECDSA private key recovery enables impersonation of legitimate entities, decryption of protected data, and certificate forgery. Impact persists even after patching if keys were previously compromised.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems where attackers have local access and can obtain precise side-channel measurements. However, compromised keys can affect all systems trusting those credentials.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate risk due to high attack complexity and local access requirement, but critical impact if exploited. Organizations using Mbed TLS for ECDSA operations in shared environments or with high-value keys should prioritize remediation.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Fedora 31\\\", \\\"Fedora 32\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS before 2.16.6 and 2.7.x before 2.7.15\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.16.6 and 2.7.15\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires ECDSA operations to be performed. Systems not using ECDSA or with side-channel protections may have reduced exposure.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low direct relevance (local attack), but compromised keys from internet-facing systems could enable broader attacks.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Shared Cloud Environment Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Recover ECDSA private keys from co-located virtual machines\\\",\\n \\\"steps_high_level\\\": [\\\"Deploy malicious workload on shared cloud infrastructure\\\", \\\"Use precision timing measurements to observe Mbed TLS ECDSA operations\\\", \\\"Apply Naccache-Smart-Stern attack to recover private key bits\\\", \\\"Reconstruct complete private key from partial information\\\"],\\n \\\"likely_targets\\\": \\\"Cloud-based services using Mbed TLS for ECDSA authentication, particularly in multi-tenant environments\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Physical Access Side-Channel Attack\\\",\\n \\\"attacker_goal\\\": \\\"Extract cryptographic keys from embedded devices\\\",\\n \\\"steps_high_level\\\": [\\\"Gain physical access to device running vulnerable Mbed TLS\\\", \\\"Use power analysis or electromagnetic measurements during ECDSA operations\\\", \\\"Collect sufficient side-channel traces to identify projective coordinate patterns\\\", \\\"Recover long-term private key through statistical analysis\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices, embedded systems, and hardware security modules using Mbed TLS\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Key Rotation\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.16.6 or later (2.7.15+ for 2.7.x branch) to eliminate the side-channel leak.\\\",\\n \\\"Rotate all ECDSA private keys that were used on vulnerable versions, especially those in shared environments or with high-value assets.\\\",\\n \\\"Implement side-channel resistant coding practices and consider hardware countermeasures for critical cryptographic operations.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable ECDSA if not required; use RSA or other algorithms less susceptible to this specific attack. Implement constant-time cryptographic implementations.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate with development teams to update Mbed TLS dependencies. Test cryptographic functionality after upgrade. Consider backward compatibility with existing key material.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version is 2.16.6+ or 2.7.15+ using version inspection tools or library queries.\\\",\\n \\\"Confirm ECDSA operations function correctly after upgrade through test suites and integration testing.\\\",\\n \\\"Review key rotation procedures to ensure no vulnerable key material remains in production.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain previous version backups and test rollback procedures. Ensure key material from patched versions remains compatible if rollback becomes necessary.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual local access patterns or privilege escalation attempts on systems using Mbed TLS\\\",\\n \\\"Implement EDR rules to detect side-channel measurement tools or timing analysis utilities\\\",\\n \\\"Search logs for cryptographic operations with abnormal timing characteristics or repeated ECDSA operations\\\",\\n \\\"Hunt for unauthorized certificate usage or unexpected ECDSA-signed artifacts that may indicate key compromise\\\",\\n \\\"Monitor network traffic for connections to systems that may be performing side-channel analysis\\\",\\n \\\"Review cloud instance logs for co-residency with potentially malicious workloads\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00027\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems and IoT devices; key compromise could affect downstream products\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory link\\\", \\\"Complete list of affected products beyond OS distributions\\\", \\\"Specific patch availability dates\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: 0.0300 vs 0.00027 - using 0.00027 as it's from dedicated EPSS source\\\", \\\"Limited information on exact vulnerable configurations and usage patterns\\\"],\\n \\\"assumptions_made\\\": [\\\"Attack requires local access based on CVSS:3.1/AV:L\\\", \\\"High attack complexity inferred from CVSS:3.1/AC:H and technical description\\\", \\\"Key rotation required due to permanent nature of key compromise\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited information on real-world exploitation and specific affected configurations\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"124\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-49600\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-49600\\\",\\n \\\"title\\\": \\\"MbedTLS LMS Signature Verification Bypass via Unchecked Hash Computation Errors\\\",\\n \\\"short_description\\\": \\\"MbedTLS 3.3.0 through 3.6.3 contains an LMS signature verification bypass vulnerability where mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, allowing signature forgery in specific fault scenarios.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers who can induce hardware hash accelerator faults to bypass LMS signature verification by reusing stale stack data, resulting in acceptance of invalid signatures. While exploitation requires physical access and fault injection capabilities, successful attacks undermine cryptographic integrity guarantees in systems relying on LMS signatures for authentication or code signing.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"4.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-252\\\"],\\n \\\"weakness_summary\\\": \\\"Unchecked return values in mbedtls_lms_verify allow hash computation failures to propagate as signature verification bypass\\\",\\n \\\"attack_surface\\\": \\\"LMS signature verification API in MbedTLS library when processing malformed or fault-induced hash computations\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Low\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires physical access and hardware fault injection capabilities to induce hash accelerator failures\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of public exploits or in-the-wild exploitation\\\", \\\"EPSS score indicates very low exploitation probability (0.00011)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity with high attack complexity and physical access requirements limit immediate threat, but cryptographic integrity vulnerabilities warrant scheduled patching in security-conscious environments\\\",\\n \\\"recommended_sla\\\": \\\"90 days for internet-facing systems; 180 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity impact (High) with no confidentiality or availability impact\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation results in acceptance of forged LMS signatures, potentially allowing unauthorized code execution, system compromise, or authentication bypass in systems relying on LMS signatures\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems using MbedTLS LMS signature verification with physical access exposure and fault injection susceptibility\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Low exploitation likelihood due to physical access and fault injection requirements, but integrity impact is significant for security-critical systems using LMS signatures\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"3.3.0 through 3.6.3\\\",\\n \\\"fixed_versions\\\": \\\"3.6.4\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems must have LMS signature verification enabled and be susceptible to hardware fault injection\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low relevance unless physical access to internet-facing hardware is achievable\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Hardware Fault Injection Attack on Embedded Device\\\",\\n \\\"attacker_goal\\\": \\\"Bypass secure boot or firmware validation using forged LMS signatures\\\",\\n \\\"steps_high_level\\\": [\\\"Gain physical access to target device with MbedTLS LMS verification\\\", \\\"Induce hardware fault in hash accelerator during signature verification\\\", \\\"Exploit unchecked error to bypass signature validation with stale stack data\\\"],\\n \\\"likely_targets\\\": \\\"Embedded systems, IoT devices, secure boot mechanisms using LMS signatures\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade MbedTLS to version 3.6.4 or later to address the unchecked return value issue\\\", \\\"Implement physical security controls to prevent unauthorized hardware access and fault injection attacks\\\", \\\"Monitor for security advisory updates and apply patches within recommended SLA windows\\\"],\\n \\\"workarounds\\\": \\\"Restrict physical access to systems using MbedTLS LMS signature verification; implement hardware tamper detection mechanisms\\\",\\n \\\"patching_notes\\\": \\\"Version 3.6.4 contains the fix; review MbedTLS security advisory 2025-06-3 for detailed technical information\\\",\\n \\\"verification_steps\\\": [\\\"Verify MbedTLS version is 3.6.4 or later using version query APIs\\\", \\\"Test LMS signature verification functionality post-update\\\", \\\"Review system logs for any signature verification failures or anomalies\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous MbedTLS version and configuration; test rollback procedures in non-production environment\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated LMS signature verification failures in MbedTLS logs\\\",\\n \\\"Detect anomalous hardware behavior or fault injection attempts using hardware monitoring tools\\\",\\n \\\"Hunt for unexpected signature validation successes following hash computation errors\\\",\\n \\\"Monitor physical access logs for unauthorized hardware tampering attempts\\\",\\n \\\"Implement runtime integrity checks for LMS signature verification code paths\\\",\\n \\\"Monitor for EPSS score changes or new exploit intelligence related to CVE-2025-49600\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00011 (0.01044 percentile)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"MbedTLS is widely used in embedded systems and IoT devices; vulnerability affects cryptographic integrity in supply chain attestation mechanisms\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed CWE classification\\\", \\\"Complete affected version ranges beyond CPE\\\", \\\"Vendor-specific impact assessment\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"Description appears truncated ('th' at end suggests incomplete text)\\\"],\\n \\\"assumptions_made\\\": [\\\"CWE-252 (Unchecked Return Value) inferred from description of unchecked return values\\\", \\\"Physical access requirement inferred from CVSS AV:P metric\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear but some descriptive text appears incomplete\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"92\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-36475\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-36475\\\",\\n \\\"title\\\": \\\"Mbed TLS mbedtls_mpi_exp_mod Uncontrolled Resource Consumption DoS\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS) contain a vulnerability in the mbedtls_mpi_exp_mod function where calculations are not limited. Supplying overly large parameters during Diffie-Hellman key pair generation can lead to excessive resource consumption and denial of service.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to cause a denial of service by triggering computationally expensive modular exponentiation operations. It affects a widely used cryptographic library embedded in IoT devices, industrial control systems, and network equipment, potentially disrupting secure communication channels and key exchange processes.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-770\\\"],\\n \\\"weakness_summary\\\": \\\"Allocation of Resources Without Limits or Throttling - The mbedtls_mpi_exp_mod function lacks proper bounds checking on input parameters, allowing attackers to supply maliciously crafted large values that cause excessive CPU/memory consumption.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible services using Mbed TLS for Diffie-Hellman key exchange; particularly relevant for TLS/DTLS servers, VPN endpoints, and embedded systems with limited computational resources.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires network access but no authentication or user interaction. Attack complexity is low, though effectiveness depends on target system resources and specific deployment configurations.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"No explicit evidence of in-the-wild exploitation found in input data\\\",\\n \\\"EPSS score of 0.00410 (0.4700 in alternative source) suggests low current exploitation likelihood\\\",\\n \\\"No CISA KEV listing or public PoC references present in input data\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - Network-accessible service required\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with network-accessible attack vector and no authentication required, but limited evidence of active exploitation. Priority driven by potential service disruption to critical infrastructure components, particularly Siemens industrial devices and embedded systems.\\\",\\n \\\"recommended_sla\\\": \\\"Apply patches within 30-60 days during scheduled maintenance windows; prioritize internet-facing systems and critical infrastructure components first.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (Complete denial of service possible); Confidentiality: None; Integrity: None\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation causes excessive CPU consumption and potential memory exhaustion during Diffie-Hellman key generation, leading to service unavailability. Impact severity varies based on system resources - embedded devices with limited computational capacity are most vulnerable to complete service disruption.\\\",\\n \\\"blast_radius\\\": \\\"Medium to High - Affects Mbed TLS library deployments across multiple vendors (ARM, Siemens industrial devices, Debian Linux). Particularly concerning for OT/ICS environments where availability is critical. Supply chain impact through embedded library distribution.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to availability impact on critical systems, but limited to DoS rather than data compromise. Risk elevated for organizations with Siemens industrial equipment, embedded IoT devices, or high-availability requirements. No evidence of ransomware association or data exfiltration capability.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\n \\\"ARM Mbed TLS\\\",\\n \\\"Siemens LOGO! CMR2020\\\",\\n \\\"Siemens LOGO! CMR2040\\\", \\n \\\"Siemens SIMATIC RTU3031C\\\",\\n \\\"Siemens SIMATIC RTU3041C\\\",\\n \\\"Siemens SIMATIC RTU3030C\\\",\\n \\\"Siemens SIMATIC RTU3000C\\\",\\n \\\"Debian Linux 9.0\\\",\\n \\\"Debian Linux 10.0\\\"\\n ],\\n \\\"affected_versions\\\": \\\"Mbed TLS versions before 2.25.0, before 2.16.9 LTS, and before 2.7.18 LTS\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.25.0, 2.16.9 LTS, 2.7.18 LTS and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires services using Mbed TLS for cryptographic operations, particularly Diffie-Hellman key exchange. More impactful on resource-constrained embedded systems and devices with internet exposure.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - Network-accessible services using affected Mbed TLS versions are directly vulnerable. Internet-facing TLS/DTLS endpoints, VPN concentrators, and industrial control systems with external connectivity are primary concerns.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Industrial Control System DoS Attack\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt operational technology services by exhausting computational resources\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker identifies internet-accessible Siemens industrial device using vulnerable Mbed TLS version\\\",\\n \\\"Craft malicious TLS handshake with oversized Diffie-Hellman parameters targeting mbedtls_mpi_exp_mod\\\",\\n \\\"Repeated connection attempts cause CPU exhaustion, rendering device unresponsive to legitimate traffic\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Siemens LOGO! controllers, SIMATIC RTU devices, and other industrial equipment with network exposure\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Embedded IoT Device Resource Exhaustion\\\",\\n \\\"attacker_goal\\\": \\\"Denial of service against resource-constrained IoT endpoints\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Scan network for devices using Mbed TLS for TLS/DTLS connections\\\",\\n \\\"Initiate connection with maliciously large cryptographic parameters\\\",\\n \\\"Exploit uncontrolled computation in modular exponentiation to cause service degradation or crash\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Embedded systems, IoT devices, and network equipment with limited CPU/memory resources\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.25.0 or later (2.16.9 LTS or 2.7.18 LTS for long-term support branches) on all affected systems.\\\",\\n \\\"Apply vendor-specific patches for Siemens industrial devices per Siemens security advisory SSA-756638.\\\",\\n \\\"Implement network segmentation and access controls to limit exposure of vulnerable systems to untrusted networks.\\\"\\n ],\\n \\\"workarounds\\\": \\\"If immediate patching is not feasible, consider rate-limiting TLS handshake attempts, implementing connection throttling, or restricting network access to vulnerable services. However, these measures only reduce attack surface rather than eliminate vulnerability.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with operational teams for industrial control systems to minimize service disruption. Test patches in non-production environments first, especially for embedded systems where computational overhead changes may affect performance.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version using library identification methods or version strings in application logs.\\\",\\n \\\"Confirm patch application by checking for mbedtls_mpi_exp_mod parameter validation improvements.\\\",\\n \\\"Monitor CPU utilization and connection success rates post-patch to ensure normal operation.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch backups and configuration snapshots. If performance issues arise, consider gradual rollout with monitoring. For embedded devices, ensure firmware backup availability before updates.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for anomalous CPU utilization spikes during TLS handshake operations, particularly during Diffie-Hellman key exchange phases.\\\",\\n \\\"Detect repeated connection attempts with unusually large cryptographic parameters or malformed TLS handshakes targeting vulnerable services.\\\",\\n \\\"Alert on resource exhaustion patterns in industrial control systems and embedded devices using Mbed TLS.\\\",\\n \\\"Hunt for network scanning activities targeting ports commonly associated with TLS/DTLS services (443, 4433, 853, etc.) followed by connection attempts.\\\",\\n \\\"Monitor system logs for mbedtls_mpi_exp_mod function errors or excessive computation time warnings.\\\",\\n \\\"Implement baseline monitoring for normal TLS handshake duration and flag deviations suggesting computational resource abuse.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00410 (percentile: 0.60587) - Low exploitation probability according to EPSS model\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is embedded in multiple vendor products including Siemens industrial devices and Linux distributions, creating widespread supply chain exposure\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Detailed vendor patch availability information beyond version numbers\\\",\\n \\\"Specific proof-of-concept exploit details or technical deep dive documentation\\\",\\n \\\"CISA KEV status confirmation\\\",\\n \\\"Ransomware or advanced persistent threat group associations\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS score discrepancy: 0.00410 vs 0.4700 between different data sources - using 0.00410 as primary EPSS value\\\",\\n \\\"Limited information on specific attack vectors beyond Diffie-Hellman key exchange scenario\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"Assumed network accessibility requirement based on CVSS vector (AV:N)\\\",\\n \\\"Inferred industrial control system impact from Siemens device listings\\\",\\n \\\"Presumed computational resource exhaustion as primary attack mechanism based on CWE-770 classification\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium-High - Core vulnerability details and affected versions are well-documented, but limited exploitation intelligence and technical specifics reduce confidence in attack scenario precision\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"114\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-30166\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-30166\\\",\\n \\\"title\\\": \\\"Mbed TLS TLS 1.3 Server Stack Buffer Over-read Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS 3.3.0 through 3.5.2 (before 3.6.0) contains a stack buffer over-read vulnerability in the TLS 1.3 server implementation. A malicious client can trigger the vulnerability by sending a crafted TLS 3.1 ClientHello message, leading to potential information disclosure or denial of service.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an unauthenticated remote attacker to cause a stack buffer over-read in a TLS 1.3 server, potentially leaking up to 256 bytes of stack memory or crashing the server process. The attack requires only network access and no authentication, making it exploitable against any exposed Mbed TLS 3.x server. Given Mbed TLS's widespread use in embedded systems, IoT devices, and enterprise applications, this vulnerability could affect critical infrastructure components with limited monitoring capabilities.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-126\\\"],\\n \\\"weakness_summary\\\": \\\"Stack buffer over-read of less than 256 bytes in TLS 1.3 server implementation when processing a malicious TLS 3.1 ClientHello message.\\\",\\n \\\"attack_surface\\\": \\\"Network-exposed TLS 1.3 servers using Mbed TLS library versions 3.3.0 through 3.5.2.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of active exploitation or public proof-of-concept exists in the input data. However, the vulnerability has low attack complexity, requires no authentication or user interaction, and affects network-accessible services, making it moderately exploitable.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.1 base score of 9.1 indicates critical severity\\\", \\\"EPSS score of 0.00478 (64th percentile) suggests moderate exploitation likelihood\\\", \\\"No CISA KEV or ransomware association mentioned in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Critical CVSS score (9.1) combined with network-accessible attack surface and potential for information disclosure requires immediate verification of affected systems and rapid patching. While no active exploitation is documented, the low attack complexity makes this a priority for security engineering teams to assess exposure and implement mitigations.\\\",\\n \\\"recommended_sla\\\": \\\"Initial assessment within 24 hours, patch deployment within 7 days for critical systems, 14 days for standard systems.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact (information disclosure) and high availability impact (denial of service). No integrity impact.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation could leak up to 256 bytes of stack memory from the TLS server process, potentially exposing sensitive data such as cryptographic keys, session tokens, or application state. The denial of service component could crash the server process, disrupting service availability.\\\",\\n \\\"blast_radius\\\": \\\"All Mbed TLS 3.3.0-3.5.2 servers with TLS 1.3 enabled and network exposure are potentially affected. The impact scope depends on deployment architecture, internet exposure, and compensating controls.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High business risk due to critical CVSS score, potential for sensitive data exposure, service disruption, and widespread deployment of Mbed TLS in embedded and IoT systems that may have limited monitoring and slower patch cycles.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"3.3.0 through 3.5.2\\\",\\n \\\"fixed_versions\\\": \\\"3.6.0\\\",\\n \\\"configuration_dependencies\\\": \\\"TLS 1.3 server functionality must be enabled and network-accessible.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance - vulnerability requires network access and affects services that are typically internet-facing or accessible from untrusted networks.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Information Disclosure Attack\\\",\\n \\\"attacker_goal\\\": \\\"Extract sensitive information from TLS server memory\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target running vulnerable Mbed TLS version\\\", \\\"Crafts malicious TLS 3.1 ClientHello message\\\", \\\"Sends crafted packet to trigger stack buffer over-read\\\", \\\"Analyzes server response or behavior to extract leaked memory contents\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing TLS servers, IoT devices, embedded systems using Mbed TLS\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Denial of Service Attack\\\",\\n \\\"attacker_goal\\\": \\\"Crash the TLS server to disrupt service availability\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker scans for systems running Mbed TLS 3.3.0-3.5.2\\\", \\\"Sends crafted TLS 3.1 ClientHello to trigger buffer over-read\\\", \\\"Exploits the vulnerability to cause segmentation fault or crash\\\", \\\"Repeats attack to maintain service unavailability\\\"],\\n \\\"likely_targets\\\": \\\"Critical infrastructure components, embedded devices with limited crash recovery\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Management\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 3.6.0 or later immediately for all affected systems.\\\",\\n \\\"Implement network segmentation and access controls to limit exposure of TLS services to untrusted networks.\\\",\\n \\\"Deploy intrusion detection/prevention systems to monitor for anomalous ClientHello patterns and potential exploitation attempts.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Consider disabling TLS 1.3 server functionality if not required, though this may impact security and compatibility.\\\",\\n \\\"patching_notes\\\": \\\"Version 3.6.0 contains the fix. Test patches in non-production environments before deployment. Consider the extensive use of Mbed TLS in embedded systems that may require vendor coordination for updates.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all systems and applications using Mbed TLS and verify versions against affected range (3.3.0-3.5.2).\\\",\\n \\\"Test TLS 1.3 functionality after patching to ensure compatibility and service availability.\\\",\\n \\\"Monitor logs and network traffic for signs of exploitation attempts or anomalous ClientHello messages.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups and documented rollback procedures in case patch deployment causes compatibility issues or service disruption.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor network traffic for anomalous or malformed TLS ClientHello messages, particularly those claiming TLS 3.1 version.\\\",\\n \\\"Implement EDR/SIEM rules to detect sudden crashes or abnormal termination of TLS server processes.\\\",\\n \\\"Search logs for repeated connection attempts or scans targeting TLS services on unusual ports.\\\",\\n \\\"Hunt for memory dumps or core files generated by TLS server processes, which may indicate exploitation attempts.\\\",\\n \\\"Monitor for unusual outbound network connections or data exfiltration patterns from TLS server hosts.\\\",\\n \\\"Deploy network-based IDS/IPS signatures specifically targeting the Mbed TLS buffer over-read vulnerability.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00478\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is widely used as a cryptographic library in embedded systems, IoT devices, and enterprise applications, making this a potential supply chain concern.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed technical analysis of the vulnerability mechanism\\\", \\\"Specific vendor statements or advisories beyond release notes\\\", \\\"Information about affected hardware platforms or operating systems\\\", \\\"Details about the TLS 3.1 ClientHello manipulation technique\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"Input mentions 'TLS 3.1 ClientHello' which may be a typo for TLS 1.3 or TLS 1.0 - clarification needed from vendor documentation\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed TLS 1.3 server functionality is required for exploitation\\\", \\\"Assumed standard network exposure scenarios\\\", \\\"Assumed typical enterprise deployment patterns for Mbed TLS\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details and affected versions are clear, but some technical specifics and exploitation details require additional vendor documentation.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"95\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-36478\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-36478\\\",\\n \\\"title\\\": \\\"Mbed TLS Certificate Validation Bypass Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS) contain a flaw in certificate validation where a NULL algorithm parameters entry is incorrectly treated as equivalent to an array of REAL parameters with size zero, causing the certificate to be considered valid when it should be invalid.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers to potentially bypass certificate validation, undermining the trust foundation of TLS/SSL communications. It affects a widely-used cryptographic library embedded in numerous IoT devices, industrial control systems (Siemens LOGO! and SIMATIC RTU devices), and Linux distributions (Debian). Successful exploitation could enable man-in-the-middle attacks, unauthorized access to encrypted communications, and compromise of secure channels without detection.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-295\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Certificate Validation - The library fails to properly distinguish between NULL and empty array parameters in X.509 certificates, leading to acceptance of certificates that should be rejected.\\\",\\n \\\"attack_surface\\\": \\\"TLS/SSL certificate validation routines during connection establishment; affects both client and server implementations using vulnerable Mbed TLS versions.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of active exploitation found in input data, but the vulnerability has public documentation and affects network-accessible systems. The attack requires crafting malicious certificates but no authentication or user interaction.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"No CISA KEV listing mentioned in input data\\\",\\n \\\"No public exploit references provided in input data\\\",\\n \\\"EPSS score suggests moderate exploitation likelihood (0.00290-0.33 depending on source)\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - Network-accessible systems using Mbed TLS\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low - Standard network access sufficient\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High severity cryptographic vulnerability affecting core TLS trust mechanisms in embedded/IoT devices and Linux systems. While no active exploitation is documented, the potential impact on communication integrity and the widespread deployment in industrial control systems warrants urgent assessment and patching.\\\",\\n \\\"recommended_sla\\\": \\\"30 days for critical systems; 90 days for general deployment\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity impact (HIGH) - No confidentiality or availability impact per CVSS\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can craft certificates with invalid parameters that are incorrectly accepted as valid, potentially enabling MITM attacks, session hijacking, or bypassing authentication mechanisms that rely on certificate validation.\\\",\\n \\\"blast_radius\\\": \\\"Medium to High - Affects Mbed TLS library users including Siemens industrial devices (LOGO! CMR2020/2040, SIMATIC RTU3000/3030/3031/3041C), Debian Linux 9/10, and any embedded systems using vulnerable library versions\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High integrity impact on cryptographic trust mechanisms combined with deployment in industrial control systems creates significant risk. While no active exploitation is documented, the vulnerability affects security foundations and could enable broader attacks on OT/IT infrastructure.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\n \\\"ARM Mbed TLS\\\",\\n \\\"Siemens LOGO! CMR2020\\\",\\n \\\"Siemens LOGO! CMR2040\\\",\\n \\\"Siemens SIMATIC RTU3000C\\\",\\n \\\"Siemens SIMATIC RTU3030C\\\",\\n \\\"Siemens SIMATIC RTU3031C\\\",\\n \\\"Siemens SIMATIC RTU3041C\\\",\\n \\\"Debian Linux 9.0\\\",\\n \\\"Debian Linux 10.0\\\"\\n ],\\n \\\"affected_versions\\\": \\\"Mbed TLS < 2.25.0, < 2.16.9 LTS, < 2.7.18 LTS\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.25.0, 2.16.9 LTS, 2.7.18 LTS\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems must use Mbed TLS for TLS/SSL operations; vulnerability manifests during certificate validation\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - Network-accessible systems using vulnerable Mbed TLS versions are exposed to remote exploitation without authentication\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Man-in-the-Middle Attack on Industrial Control Systems\\\",\\n \\\"attacker_goal\\\": \\\"Intercept and manipulate encrypted communications between PLCs and control systems\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker crafts malicious certificate with NULL parameters that vulnerable Mbed TLS accepts\\\",\\n \\\"Attacker positions themselves between industrial devices using man-in-the-middle techniques\\\",\\n \\\"Victim system validates malicious certificate as valid due to vulnerability\\\",\\n \\\"Attacker gains ability to decrypt, modify, or inject traffic in supposedly secure channel\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Siemens LOGO! and SIMATIC RTU devices in industrial environments; systems with internet-facing TLS services\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Certificate Validation Bypass in Embedded IoT Devices\\\",\\n \\\"attacker_goal\\\": \\\"Bypass client certificate authentication in IoT device communications\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Identify target IoT devices using vulnerable Mbed TLS versions\\\",\\n \\\"Create malicious server certificate with crafted parameters\\\",\\n \\\"Deploy malicious certificate on attacker-controlled server\\\",\\n \\\"IoT devices connect to malicious server and accept invalid certificate due to vulnerability\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Embedded devices, IoT gateways, and Linux-based systems using Mbed TLS for TLS client validation\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.25.0 or later (2.16.9 LTS or 2.7.18 LTS for long-term support branches).\\\",\\n \\\"Apply vendor-specific patches for affected Siemens devices per Siemens security advisory SSA-756638.\\\",\\n \\\"Update Debian systems to versions containing patched Mbed TLS packages and verify certificate validation behavior.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with operational schedules for industrial control systems; test patches in non-production environments first due to critical nature of affected systems\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version in use across all systems and compare against affected version ranges.\\\",\\n \\\"Test certificate validation with crafted certificates containing NULL parameters to confirm patch effectiveness.\\\",\\n \\\"Monitor TLS handshake logs for unusual certificate patterns or validation failures post-patch.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of firmware/configurations before patching industrial devices; ensure rollback procedures are tested and documented\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor TLS handshake logs for certificates with unusual parameter structures or NULL algorithm parameters\\\",\\n \\\"Deploy network monitoring to detect unexpected certificate authorities or self-signed certificates in industrial networks\\\",\\n \\\"Implement certificate pinning or strict CA validation to detect validation bypass attempts\\\",\\n \\\"Search for connections to systems using vulnerable Mbed TLS versions in asset inventory\\\",\\n \\\"Monitor for anomalous network traffic patterns from industrial control systems that might indicate MITM activity\\\",\\n \\\"Review certificate validation logs for any accepted certificates that should have been rejected\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00290 (EPSS source) or 0.3300 (EVD source) - conflicting values present\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Affects cryptographic library used across multiple vendors and industries; Siemens devices represent downstream impact\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Detailed exploitability analysis\\\",\\n \\\"Specific attack vectors and techniques\\\",\\n \\\"Complete list of affected products beyond CPE entries\\\",\\n \\\"Vendor patch availability timeline\\\",\\n \\\"Workaround or temporary mitigation options\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"Conflicting EPSS scores from different sources (0.00290 vs 0.3300)\\\",\\n \\\"Limited information on actual exploitation attempts or public exploits\\\",\\n \\\"Incomplete description in EUVD source (truncated text)\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"Assumed HIGH severity based on CVSS score and integrity impact\\\",\\n \\\"Inferred industrial control system risk based on Siemens device mentions\\\",\\n \\\"Estimated exploitability as Medium due to lack of active exploitation evidence despite high CVSS\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited information on current exploitation status and specific attack techniques reduces confidence in risk assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/issues/3629\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"85\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-16150\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-16150\\\",\\n \\\"title\\\": \\\"Mbed TLS Lucky 13 Timing Side-Channel Information Leak\\\",\\n \\\"short_description\\\": \\\"A Lucky 13 timing side-channel vulnerability in mbedtls_ssl_decrypt_buf in Trusted Firmware Mbed TLS through version 2.23.0 allows an attacker to recover secret key information by observing timing differences during CBC-mode decryption of padded TLS records.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows a local attacker to recover secret key material through timing analysis, potentially leading to the compromise of encrypted communications. While it requires local access and low privileges, successful exploitation undermines the confidentiality guarantees of TLS and could enable decryption of sensitive data. The Lucky 13 class of vulnerabilities is well-understood and has been actively addressed in other TLS implementations, making this a known attack pattern that attackers may attempt to exploit in vulnerable deployments.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Timing side-channel in CBC decryption allows key recovery through statistical analysis of decryption timing differences based on padding length.\\\",\\n \\\"attack_surface\\\": \\\"Local TLS library implementation, specifically the CBC mode decryption function mbedtls_ssl_decrypt_buf during SSL/TLS record processing.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Requires local access with low privileges to measure timing differences during TLS CBC decryption operations. Attacker must collect sufficient timing samples to perform statistical analysis for key recovery.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"Lucky 13 is a known attack class with established exploitation techniques\\\", \\\"EPSS score suggests low current exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Local\\\",\\n \\\"authentication_required\\\": \\\"Not required\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"Low - established timing attack methodology\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity timing side-channel requiring local access. While the vulnerability allows key recovery, exploitation requires significant timing measurements and statistical analysis. No evidence of active exploitation. Priority is to patch during regular maintenance cycles while ensuring TLS libraries are updated across all affected systems.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for non-internet-facing systems, 30 days for internet-facing TLS endpoints\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact with no integrity or availability impact. Successful exploitation recovers secret key material used in TLS communications.\\\",\\n \\\"technical_impact_details\\\": \\\"Timing side-channel in CBC mode decryption allows statistical recovery of encryption keys through analysis of timing differences correlated with padding length. This compromises the confidentiality of TLS-protected communications.\\\",\\n \\\"blast_radius\\\": \\\"Moderate - affects all systems running vulnerable Mbed TLS versions with CBC cipher suites enabled. Impact limited to local attackers who can measure timing with sufficient precision.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to key recovery potential, but mitigated by requirement for local access and sophisticated timing analysis. Risk increases for systems with high-value encrypted data and those accessible to potentially malicious local users. Lower risk for properly segmented environments with restricted local access.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Trusted Firmware Mbed TLS\\\", \\\"Fedora 31\\\", \\\"Fedora 32\\\", \\\"Fedora 33\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS through 2.23.0\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"CBC cipher suites must be enabled and used for TLS connections\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High for internet-facing TLS endpoints using vulnerable versions. Local access requirement limits immediate internet-based exploitation, but compromised internal systems could exfiltrate keys.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Local Key Recovery via Timing Analysis\\\",\\n \\\"attacker_goal\\\": \\\"Recover TLS session keys to decrypt captured encrypted communications\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains local access to system with vulnerable Mbed TLS\\\", \\\"Attacker triggers repeated TLS decryption operations with controlled inputs\\\", \\\"Attacker measures timing differences during CBC padding validation\\\", \\\"Attacker performs statistical analysis to recover key material\\\"],\\n \\\"likely_targets\\\": \\\"Systems with local user access, shared hosting environments, containers with multiple tenants, or systems where attackers have achieved initial access\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Insider Threat Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Extract encryption keys for unauthorized data access\\\",\\n \\\"steps_high_level\\\": [\\\"Malicious insider with local access identifies vulnerable TLS implementation\\\", \\\"Insider runs timing measurement tools during normal TLS operations\\\", \\\"Insider collects sufficient timing data for statistical key recovery\\\", \\\"Insider uses recovered keys to decrypt sensitive organizational communications\\\"],\\n \\\"likely_targets\\\": \\\"Internal systems with valuable encrypted data, financial systems, healthcare records, or proprietary business communications\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.24.0 or later to eliminate the timing side-channel vulnerability\\\", \\\"Disable CBC cipher suites in TLS configuration if not required for backward compatibility\\\", \\\"Implement network segmentation to restrict local access to systems running TLS services\\\"],\\n \\\"workarounds\\\": \\\"Disable CBC cipher suites and use AEAD cipher suites (AES-GCM, ChaCha20-Poly1305) exclusively if compatibility permits\\\",\\n \\\"patching_notes\\\": \\\"Coordinate with application teams to test TLS library updates. Verify that patching does not break existing TLS handshake compatibility. Consider phased rollout starting with non-critical systems.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version is 2.24.0 or later using library version checking tools\\\", \\\"Confirm CBC cipher suites are disabled in TLS configuration files\\\", \\\"Test TLS connectivity and performance after library update\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous TLS library version and configuration. Document rollback procedures in case of compatibility issues with updated library.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual local process activity with high-precision timing measurement capabilities (clock_gettime, rdtsc system calls)\\\",\\n \\\"Detect repeated TLS connection attempts from single local sources with timing correlation patterns\\\",\\n \\\"Hunt for network traffic analysis tools running on systems with TLS services\\\",\\n \\\"Monitor system logs for failed TLS handshakes followed by timing measurement activities\\\",\\n \\\"Search for privilege escalation attempts targeting TLS service accounts or key material access\\\",\\n \\\"Implement network monitoring for anomalous TLS cipher suite negotiation patterns indicating downgrade attacks\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00071\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects TLS library used in embedded systems and IoT devices. Supply chain impact through inclusion in vendor products and Linux distributions.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed version information\\\", \\\"Vendor advisory links\\\", \\\"Detailed exploit technical references\\\", \\\"CISA KEV status\\\", \\\"Specific patch availability dates\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (0.0700 vs 0.00071) - using lower value as more recent\\\", \\\"Affected products list includes operating systems but specific package versions not detailed\\\"],\\n \\\"assumptions_made\\\": [\\\"CBC cipher suites are enabled by default in affected versions\\\", \\\"Local access requirement implies authenticated user context\\\", \\\"Timing measurement precision is achievable in target environments\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but missing vendor patch information and exploit status reduces confidence in complete assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OSOFUD6UTGTDDSQRS62BPXDU52I6PUA/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"88\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-36423\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-36423\\\",\\n \\\"title\\\": \\\"Arm Mbed TLS Lucky 13 Countermeasure Bypass\\\",\\n \\\"short_description\\\": \\\"Arm Mbed TLS before 2.23.0 contains a cryptographic vulnerability where a hardware accelerator case is not properly considered in the Lucky 13 countermeasure, allowing a remote attacker to recover plaintext from TLS connections.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability undermines TLS confidentiality by enabling plaintext recovery attacks against encrypted connections. It affects a widely used cryptographic library embedded in IoT devices, servers, and network appliances, potentially exposing sensitive data in transit without requiring authentication or user interaction.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203\\\"],\\n \\\"weakness_summary\\\": \\\"Observable Discrepancy in cryptographic implementation allowing side-channel plaintext recovery through timing analysis when hardware accelerators are used\\\",\\n \\\"attack_surface\\\": \\\"TLS connections using vulnerable Mbed TLS versions, particularly those leveraging hardware cryptographic acceleration\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of active exploitation found in input data, but the vulnerability has public technical details and affects network-accessible TLS endpoints with low attack complexity\\\",\\n \\\"evidence_signals\\\": [\\n \\\"EPSS score 0.00202 (0.42 percentile) suggests low current exploitation likelihood\\\",\\n \\\"No CISA KEV listing or ransomware association mentioned\\\",\\n \\\"Public vulnerability disclosure with technical details available\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with network-accessible attack vector and no authentication required. While EPSS suggests low current exploitation, the cryptographic nature and potential for plaintext recovery warrant urgent assessment of exposure and patching priority.\\\",\\n \\\"recommended_sla\\\": \\\"Initial assessment within 24 hours; patch deployment within 7-14 days based on exposure assessment\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: High (plaintext recovery); Integrity: None; Availability: None\\\",\\n \\\"technical_impact_details\\\": \\\"Remote attackers can perform timing-based side-channel attacks to recover plaintext from TLS connections when hardware accelerators are used, potentially exposing sensitive application data, credentials, or session tokens\\\",\\n \\\"blast_radius\\\": \\\"All systems running vulnerable Mbed TLS versions with hardware acceleration enabled and network-accessible TLS endpoints; includes IoT devices, embedded systems, and servers using Mbed TLS\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High confidentiality impact affecting encrypted communications, widespread library usage in embedded/IoT ecosystems, and potential regulatory compliance implications for data protection. Risk elevated by network accessibility and lack of authentication requirements.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS versions before 2.23.0; Debian 10.0 (Buster) with vulnerable Mbed TLS packages\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.23.0 and later (specifically v2.16.7 mentioned in references)\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires hardware accelerator usage for cryptographic operations; systems without hardware acceleration may not be vulnerable\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - affects TLS connections which are commonly internet-facing; any system accepting TLS connections with vulnerable configuration is potentially exposed\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"TLS Plaintext Recovery via Timing Attack\\\",\\n \\\"attacker_goal\\\": \\\"Recover sensitive plaintext data from encrypted TLS connections\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker establishes multiple TLS connections to vulnerable Mbed TLS endpoint\\\",\\n \\\"Attacker sends crafted packets to trigger hardware accelerator usage\\\",\\n \\\"Attacker measures timing differences to recover plaintext through statistical analysis\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Internet-facing IoT devices, embedded systems, VPN endpoints, and servers using Mbed TLS with hardware acceleration\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Credential Harvesting from Encrypted Sessions\\\",\\n \\\"attacker_goal\\\": \\\"Steal authentication credentials or session tokens from TLS-protected communications\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Identify target systems running vulnerable Mbed TLS versions\\\",\\n \\\"Perform timing analysis during active TLS sessions\\\",\\n \\\"Recover authentication tokens or credentials for lateral movement\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Administrative interfaces, API endpoints, and authentication services using Mbed TLS\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.23.0 or later immediately, prioritizing internet-facing systems\\\",\\n \\\"Inventory all systems using Mbed TLS and verify hardware accelerator configuration status\\\",\\n \\\"Implement network segmentation to limit exposure of vulnerable systems pending patching\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable hardware acceleration for cryptographic operations if feasible and performance impact is acceptable; implement additional network-level encryption (IPsec) for defense-in-depth\\\",\\n \\\"patching_notes\\\": \\\"Patch available in Mbed TLS 2.23.0; Debian users should update to fixed packages. Test patches in non-production environment first to assess hardware accelerator compatibility.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version on all systems using package managers and dependency scanners\\\",\\n \\\"Confirm hardware accelerator usage through system configuration and performance monitoring\\\",\\n \\\"Test TLS connections post-patch to ensure functionality and performance are maintained\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch system images; monitor for performance degradation or compatibility issues with hardware accelerators post-update\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual TLS connection patterns or timing anomalies from external IPs\\\",\\n \\\"Search logs for repeated connection attempts to TLS endpoints with varying packet sizes\\\",\\n \\\"Hunt for network traffic analysis tools or timing measurement utilities on compromised systems\\\",\\n \\\"Implement TLS handshake anomaly detection focusing on hardware accelerator usage patterns\\\",\\n \\\"Monitor for unexpected process memory access patterns in Mbed TLS applications\\\",\\n \\\"Search for cryptographic API calls with unusual timing characteristics in system logs\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00202 (percentile: 0.42391)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - affects cryptographic library used in embedded systems and IoT devices across multiple vendors and industries\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Detailed vendor advisory link\\\",\\n \\\"Specific hardware accelerator models affected\\\",\\n \\\"Complete list of downstream vendors and products\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS scores show discrepancy between sources (0.2000 vs 0.00202)\\\",\\n \\\"Version references mention both 2.23.0 and 2.16.7 as fixes\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"Assumed hardware accelerator usage is required for exploitability based on description\\\",\\n \\\"Inferred timing attack methodology from Lucky 13 countermeasure context\\\",\\n \\\"Assumed network accessibility based on CVSS vector (AV:N)\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but specific exploitation details and current threat landscape context are limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://bugs.gentoo.org/730752\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"99\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-44732\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-44732\\\",\\n \\\"title\\\": \\\"Mbed TLS Double Free Vulnerability in Out-of-Memory Conditions\\\",\\n \\\"short_description\\\": \\\"Mbed TLS before version 3.0.1 contains a double free vulnerability triggered in specific out-of-memory conditions, demonstrated by an mbedtls_ssl_set_session() failure. This allows remote attackers to potentially execute arbitrary code or cause denial of service.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects a widely used TLS/cryptographic library (Mbed TLS) and can lead to remote code execution or service crashes without authentication. The critical CVSS score (9.8) reflects network-accessible exploitation with no privileges required, making it a prime target for attackers targeting TLS implementations in embedded systems, IoT devices, and server applications.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-415\\\"],\\n \\\"weakness_summary\\\": \\\"Double free vulnerability in memory management under out-of-memory conditions, specifically in mbedtls_ssl_set_session() function.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible TLS session handling; affects SSL/TLS session management functionality in applications using Mbed TLS library.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"High\\\",\\n \\\"exploit_summary\\\": \\\"No explicit evidence of in-the-wild exploitation found in input data, but the vulnerability characteristics (network-accessible, no authentication, double free) make exploitation highly likely. EPSS score shows moderate exploitation probability.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 9.8 with network attack vector and no privileges required\\\", \\\"Double free vulnerability class historically exploitable for RCE\\\", \\\"EPSS score indicates exploitation probability\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Critical - Patch Immediately\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Critical severity (CVSS 9.8) with network-accessible attack vector and no authentication required. Double free vulnerabilities can lead to remote code execution. Mbed TLS is widely deployed in embedded systems and servers, creating significant exposure.\\\",\\n \\\"recommended_sla\\\": \\\"72 hours for critical systems; 7 days for others\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete system compromise (Confidentiality/Integrity/Availability)\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation can result in remote code execution, complete system compromise, or denial of service. The double free vulnerability allows attackers to corrupt memory structures and potentially execute arbitrary code with application privileges.\\\",\\n \\\"blast_radius\\\": \\\"All systems running Mbed TLS versions before 3.0.1, particularly those with network exposure. Embedded devices and IoT systems may have delayed patching cycles.\\\",\\n \\\"business_risk_rating\\\": \\\"5\\\",\\n \\\"business_risk_justification\\\": \\\"Critical infrastructure component (TLS library) with RCE potential, no authentication required, and widespread deployment. Business impact includes potential data breaches, service disruption, and compliance violations in regulated environments.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ARM Mbed TLS\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS versions before 3.0.1, specifically including 3.0.0 and 3.0.0 preview1\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 3.0.1 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires applications using mbedtls_ssl_set_session() function with out-of-memory conditions\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - affects TLS implementations that may be internet-facing (web servers, API endpoints, IoT devices)\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Code Execution via TLS Session Handling\\\",\\n \\\"attacker_goal\\\": \\\"Execute arbitrary code on target system\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker sends specially crafted TLS session data to vulnerable system\\\", \\\"Trigger out-of-memory condition during mbedtls_ssl_set_session() call\\\", \\\"Exploit double free to gain code execution\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing servers using Mbed TLS, embedded devices, IoT gateways\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Denial of Service Attack\\\",\\n \\\"attacker_goal\\\": \\\"Crash the TLS service or application\\\",\\n \\\"steps_high_level\\\": [\\\"Send malicious TLS session data repeatedly\\\", \\\"Trigger double free condition\\\", \\\"Cause application crash and service unavailability\\\"],\\n \\\"likely_targets\\\": \\\"Critical infrastructure systems, embedded devices with limited memory\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Update\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Immediately upgrade Mbed TLS to version 3.0.1 or later on all affected systems.\\\",\\n \\\"Review and audit all systems using Mbed TLS library to identify vulnerable versions and exposure points.\\\",\\n \\\"Implement network segmentation and access controls to limit exposure of systems until patching is complete.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Patch available in Mbed TLS 3.0.1 release. Debian users should check for backported patches in stable releases.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version using mbedtls_version.h or library version checking functions.\\\",\\n \\\"Test TLS functionality after patching to ensure no regression in SSL/TLS operations.\\\",\\n \\\"Monitor system logs for memory corruption or crash events related to TLS operations.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous library version and test rollback procedures before deployment in production environments.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for abnormal memory patterns or crashes in applications using Mbed TLS (watch for double free errors in logs).\\\",\\n \\\"Search network traffic logs for unusual TLS session establishment patterns or repeated connection attempts.\\\",\\n \\\"Hunt for processes with unexpected memory allocation patterns or heap corruption in Mbed TLS applications.\\\",\\n \\\"Monitor for out-of-memory conditions followed by application crashes in systems using Mbed TLS.\\\",\\n \\\"Search for exploitation attempts using IDS/IPS rules targeting CVE-2021-44732.\\\",\\n \\\"Review SIEM alerts for authentication failures or service disruptions in TLS-enabled applications.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00676\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is a fundamental cryptographic library used across many products and industries\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory\\\", \\\"Specific exploit code availability\\\", \\\"CISA KEV status\\\", \\\"Detailed affected version ranges beyond major versions\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy between sources (0.9300 vs 0.00676) - using EPSS official source value\\\"],\\n \\\"assumptions_made\\\": [\\\"Double free vulnerability likely exploitable for RCE based on vulnerability class characteristics\\\", \\\"Widespread deployment assumed due to Mbed TLS being a popular embedded TLS library\\\"],\\n \\\"confidence\\\": \\\"High - Core vulnerability details and CVSS scoring are clear and consistent across sources\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://bugs.gentoo.org/829660\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/releases\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"104\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2022-46393\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n  \\\"cve_id\\\": \\\"CVE-2022-46393\\\",\\n  \\\"title\\\": \\\"Mbed TLS DTLS Heap-Based Buffer Overflow and Over-Read Vulnerability\\\",\\n  \\\"short_description\\\": \\\"A critical heap-based buffer overflow and buffer over-read vulnerability exists in Mbed TLS versions prior to 2.28.2 and 3.x prior to 3.3.0. The flaw is triggered in DTLS when specific compile-time configuration macros are set, allowing remote code execution or denial of service.\\\",\\n  \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to potentially execute arbitrary code or crash affected systems via network traffic. The high CVSS score (9.8) reflects the combination of network accessibility, no authentication requirements, and complete system compromise potential. Mbed TLS is widely deployed in embedded systems, IoT devices, and enterprise applications, making this a high-impact security concern.\\\",\\n\\n  \\\"severity\\\": {\\n    \\\"cvss_version\\\": \\\"3.1\\\",\\n    \\\"cvss_base_score\\\": \\\"9.8\\\",\\n    \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n    \\\"severity_label\\\": \\\"CRITICAL\\\"\\n  },\\n\\n  \\\"vulnerability_class\\\": {\\n    \\\"cwe_ids\\\": [\\\"CWE-122\\\", \\\"CWE-125\\\"],\\n    \\\"weakness_summary\\\": \\\"Heap-based buffer overflow (CWE-122) combined with buffer over-read (CWE-125) in DTLS implementation when Connection ID feature is enabled with misconfigured length parameters.\\\",\\n    \\\"attack_surface\\\": \\\"Network-exposed DTLS endpoints with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.\\\"\\n  },\\n\\n  \\\"exploitability\\\": {\\n    \\\"exploit_status\\\": \\\"High\\\",\\n    \\\"exploit_summary\\\": \\\"While no active exploitation is explicitly documented in the input data, the vulnerability characteristics (network-accessible, no authentication, low attack complexity) make exploitation highly likely. The EPSS score of 0.8600 (from cves_euvd) suggests high exploitation probability, though this conflicts with the standard EPSS score of 0.00862.\\\",\\n    \\\"evidence_signals\\\": [\\n      \\\"CVSS 9.8 with network attack vector and no authentication required\\\",\\n      \\\"EPSS score discrepancy: 0.8600 (cves_euvd) vs 0.00862 (cves_epss)\\\",\\n      \\\"No explicit mention of in-the-wild exploitation or public PoC in input data\\\"\\n    ],\\n    \\\"prerequisites\\\": {\\n      \\\"network_access_required\\\": \\\"Yes\\\",\\n      \\\"authentication_required\\\": \\\"No\\\",\\n      \\\"user_interaction_required\\\": \\\"No\\\",\\n      \\\"privileges_required\\\": \\\"None\\\",\\n      \\\"attack_complexity\\\": \\\"Low\\\"\\n    }\\n  },\\n\\n  \\\"triage\\\": {\\n    \\\"triage_category\\\": \\\"Critical - Patch Immediately\\\",\\n    \\\"triage_team\\\": \\\"Patching Operations\\\",\\n    \\\"triage_rationale\\\": \\\"Critical severity (CVSS 9.8) with remote code execution potential in a widely deployed TLS library. The vulnerability requires immediate patching due to the combination of no authentication requirements, network accessibility, and potential for complete system compromise. Organizations using Mbed TLS with DTLS and Connection ID features should prioritize this vulnerability.\\\",\\n    \\\"recommended_sla\\\": \\\"24-48 hours for critical systems; 72 hours for all affected systems\\\"\\n  },\\n\\n  \\\"impact_assessment\\\": {\\n    \\\"assessment_impact\\\": \\\"Complete system compromise (Confidentiality: High, Integrity: High, Availability: High)\\\",\\n    \\\"technical_impact_details\\\": \\\"Successful exploitation could lead to remote code execution, service crashes, information disclosure, or complete system compromise. The heap-based nature suggests potential for arbitrary code execution through memory corruption.\\\",\\n    \\\"blast_radius\\\": \\\"High - affects all systems running vulnerable Mbed TLS versions with DTLS and Connection ID enabled. Mbed TLS is used in embedded devices, IoT products, and enterprise applications, potentially affecting thousands of devices.\\\",\\n    \\\"business_risk_rating\\\": \\\"5\\\",\\n    \\\"business_risk_justification\\\": \\\"Critical risk due to: (1) Remote code execution capability without authentication, (2) Wide deployment of Mbed TLS in critical infrastructure and IoT devices, (3) Potential for complete system compromise, (4) High CVSS score indicating severe impact, (5) DTLS usage in security-sensitive communications.\\\"\\n  },\\n\\n  \\\"affected_scope\\\": {\\n    \\\"affected_products\\\": [\\n      \\\"Arm Mbed TLS\\\",\\n      \\\"Fedora 36\\\",\\n      \\\"Fedora 37\\\"\\n    ],\\n    \\\"affected_versions\\\": \\\"Mbed TLS versions before 2.28.2 and 3.x before 3.3.0\\\",\\n    \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.2 and 3.3.0\\\",\\n    \\\"configuration_dependencies\\\": \\\"Requires MBEDTLS_SSL_DTLS_CONNECTION_ID enabled AND MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX\\\",\\n    \\\"internet_exposure_relevance\\\": \\\"Critical - affects network-exposed DTLS endpoints, commonly used in IoT devices and secure communication channels exposed to untrusted networks.\\\"\\n  },\\n\\n  \\\"attack_scenarios\\\": [\\n    {\\n      \\\"scenario_name\\\": \\\"Remote Code Execution via Malicious DTLS Traffic\\\",\\n      \\\"attacker_goal\\\": \\\"Execute arbitrary code on vulnerable Mbed TLS implementations\\\",\\n      \\\"steps_high_level\\\": [\\n        \\\"Attacker identifies target systems running vulnerable Mbed TLS with DTLS and Connection ID enabled\\\",\\n        \\\"Craft malicious DTLS packets with specially constructed Connection IDs to trigger heap overflow\\\",\\n        \\\"Exploit memory corruption to achieve remote code execution or service crash\\\"\\n      ],\\n      \\\"likely_targets\\\": \\\"IoT devices, embedded systems, VPN endpoints, and applications using DTLS for secure communications\\\"\\n    },\\n    {\\n      \\\"scenario_name\\\": \\\"Denial of Service Attack\\\",\\n      \\\"attacker_goal\\\": \\\"Crash vulnerable services or devices\\\",\\n      \\\"steps_high_level\\\": [\\n        \\\"Identify vulnerable DTLS endpoints in target infrastructure\\\",\\n        \\\"Send specially crafted DTLS packets exploiting the buffer over-read condition\\\",\\n        \\\"Cause service crashes or system instability through memory corruption\\\"\\n      ],\\n      \\\"likely_targets\\\": \\\"Critical infrastructure devices, industrial control systems, and embedded devices with limited crash recovery capabilities\\\"\\n    }\\n  ],\\n\\n  \\\"mitigation\\\": {\\n    \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n    \\\"mitigation_action\\\": [\\n      \\\"Upgrade Mbed TLS to version 2.28.2 or 3.3.0 immediately for all affected systems.\\\",\\n      \\\"Review and audit all systems using Mbed TLS to identify DTLS usage and Connection ID configuration.\\\",\\n      \\\"Implement network segmentation and access controls to limit exposure of DTLS endpoints to untrusted networks.\\\"\\n    ],\\n    \\\"workarounds\\\": \\\"Disable MBEDTLS_SSL_DTLS_CONNECTION_ID feature if not required, or ensure MBEDTLS_SSL_CID_IN_LEN_MAX ≤ 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX in configuration.\\\",\\n    \\\"patching_notes\\\": \\\"Patches are available in Mbed TLS releases 2.28.2 and 3.3.0. Organizations should test patches in non-production environments before deployment and ensure compatibility with existing applications.\\\",\\n    \\\"verification_steps\\\": [\\n      \\\"Verify Mbed TLS version on all systems using package management tools or library version checks.\\\",\\n      \\\"Confirm DTLS and Connection ID configuration status through code review or runtime inspection.\\\",\\n      \\\"Test DTLS functionality after patching to ensure no regression in secure communication capabilities.\\\"\\n    ],\\n    \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS versions and application configurations. Test rollback procedures in case of compatibility issues or unexpected behavior post-patch.\\\"\\n  },\\n\\n  \\\"detection_and_hunting\\\": [\\n    \\\"Monitor network traffic for unusual DTLS connection patterns or malformed DTLS packets targeting vulnerable systems.\\\",\\n    \\\"Deploy IDS/IPS rules to detect potential exploitation attempts targeting CVE-2022-46393 based on known attack patterns.\\\",\\n    \\\"Implement endpoint monitoring for unexpected process crashes or memory corruption in applications using Mbed TLS.\\\",\\n    \\\"Search logs for connection attempts to DTLS ports (typically UDP 443 or custom ports) from untrusted sources.\\\",\\n    \\\"Use vulnerability scanning tools to identify systems running vulnerable Mbed TLS versions.\\\",\\n    \\\"Monitor for heap corruption indicators or buffer overflow attempts in system logs and security event feeds.\\\"\\n  ],\\n\\n  \\\"prioritization_enrichment\\\": {\\n    \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"epss\\\": \\\"0.8600 (cves_euvd) / 0.00862 (cves_epss) - conflicting values present\\\",\\n    \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is a widely used cryptographic library in embedded systems and IoT devices, making this vulnerability relevant to supply chain security assessments.\\\"\\n  },\\n\\n  \\\"data_quality\\\": {\\n    \\\"missing_key_fields\\\": [\\n      \\\"Detailed vendor advisory link\\\",\\n      \\\"Proof-of-concept exploit availability\\\",\\n      \\\"CISA KEV status\\\",\\n      \\\"Specific affected product versions beyond CPE entries\\\"\\n    ],\\n    \\\"conflicts_or_ambiguities\\\": [\\n      \\\"EPSS score discrepancy: 0.8600 (cves_euvd) vs 0.00862 (cves_epss)\\\",\\n      \\\"Limited information on actual exploitation status\\\",\\n      \\\"Insufficient detail on specific vulnerable configurations beyond macro names\\\"\\n    ],\\n    \\\"assumptions_made\\\": [\\n      \\\"High exploitation likelihood based on CVSS metrics despite lack of explicit exploitation evidence\\\",\\n      \\\"DTLS endpoints are commonly network-exposed based on typical deployment patterns\\\",\\n      \\\"Buffer overflow could lead to RCE based on heap corruption characteristics\\\"\\n    ],\\n    \\\"confidence\\\": \\\"Medium-High - Core vulnerability details are clear, but exploitation status and specific impact mechanisms lack explicit documentation in the provided data.\\\"\\n  },\\n\\n  \\\"references\\\": [\\n    \\\"https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2\\\",\\n    \\\"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0\\\"\\n  ],\\n\\n  \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"105\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2023-43615\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2023-43615\\\",\\n \\\"title\\\": \\\"Mbed TLS Buffer Overflow Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions 2.x before 2.28.5 and 3.x before 3.5.0 contain a buffer overflow vulnerability. The flaw allows remote attackers to cause a denial of service or potentially execute arbitrary code via network access without authentication or user interaction.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects a widely used cryptographic library (Mbed TLS) that underpins secure communications in embedded systems, IoT devices, and server applications. A buffer overflow in such a core component can lead to service crashes, information disclosure, or remote code execution, potentially compromising the confidentiality and integrity of encrypted communications. Given the library's prevalence in security-sensitive contexts, exploitation could have cascading effects across entire ecosystems of connected devices and services.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-120\\\"],\\n \\\"weakness_summary\\\": \\\"Buffer overflow in Mbed TLS library affecting versions 2.x before 2.28.5 and 3.x before 3.5.0.\\\",\\n \\\"attack_surface\\\": \\\"Network-facing applications and devices utilizing vulnerable versions of Mbed TLS for cryptographic operations.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"The vulnerability is remotely exploitable without authentication or user interaction, with low attack complexity. However, there is no explicit evidence of active exploitation or public proof-of-concept exploits in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N indicates network-based, low-complexity attack vector.\\\", \\\"EPSS score of 0.00309 (0.53566 percentile) suggests relatively low exploitation likelihood as of 2025-11-23.\\\", \\\"No explicit mention of active exploitation or PoC in provided references.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High severity buffer overflow in a core cryptographic library with remote, unauthenticated exploitability warrants urgent verification of affected assets and immediate patching planning. While no active exploitation is reported, the potential impact on confidentiality and service availability is significant.\\\",\\n \\\"recommended_sla\\\": \\\"Verify affected assets within 24 hours; apply patches within 7 days.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High impact on confidentiality (C:H), with potential for denial of service or remote code execution. Integrity and availability impacts are not explicitly rated in the CVSS vector but are inherent risks of buffer overflows.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation could lead to unauthorized access to sensitive information processed by the library, application crashes, or arbitrary code execution in the context of the vulnerable process.\\\",\\n \\\"blast_radius\\\": \\\"Wide-ranging impact across any systems or devices utilizing vulnerable versions of Mbed TLS, particularly those with internet exposure. Fedora distributions 37, 38, and 39 are explicitly mentioned as affected.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High technical severity combined with the critical role of Mbed TLS in secure communications creates significant business risk. Potential for service disruption, data breaches, and reputational damage, especially in regulated industries or environments with extensive IoT deployments.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Fedora 37\\\", \\\"Fedora 38\\\", \\\"Fedora 39\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0.\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.5 and 3.5.0.\\\",\\n \\\"configuration_dependencies\\\": \\\"Any application or system that links against or embeds vulnerable versions of Mbed TLS.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - Network-accessible services using Mbed TLS are directly exposed to potential exploitation.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Information Disclosure via Buffer Overflow\\\",\\n \\\"attacker_goal\\\": \\\"Extract sensitive cryptographic keys or other confidential data from vulnerable TLS implementations.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts malicious network packets targeting the buffer overflow in Mbed TLS.\\\", \\\"The overflow triggers memory corruption, potentially leaking adjacent memory contents.\\\", \\\"Attacker analyzes leaked data for sensitive information such as session keys or private certificates.\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing servers, embedded devices, and IoT gateways utilizing vulnerable Mbed TLS versions.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Denial of Service Attack\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt service availability by crashing the application or system using Mbed TLS.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker sends specially crafted data to trigger the buffer overflow.\\\", \\\"The overflow causes the application to crash or enter an unstable state.\\\", \\\"Service becomes unavailable, impacting business operations or device functionality.\\\"],\\n \\\"likely_targets\\\": \\\"Critical infrastructure components, communication gateways, and embedded systems where availability is paramount.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.28.5 or 3.5.0 immediately on all affected systems.\\\", \\\"Inventory all applications and devices that embed or link against Mbed TLS to identify vulnerable instances.\\\", \\\"Implement network segmentation and access controls to limit exposure of vulnerable systems until patches are applied.\\\"],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Ensure compatibility testing of new Mbed TLS versions with existing applications before widespread deployment. Monitor vendor advisories for any additional guidance.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version on all systems using package managers or library identification tools.\\\", \\\"Test patched systems for functionality and performance regressions.\\\", \\\"Monitor logs and network traffic for any signs of attempted exploitation.\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of previous Mbed TLS versions and application configurations to facilitate rollback if patching introduces issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor network traffic for anomalous patterns or malformed packets targeting TLS/SSL ports on systems using Mbed TLS.\\\",\\n \\\"Deploy IDS/IPS rules to detect potential buffer overflow attempts against known Mbed TLS vulnerabilities.\\\",\\n \\\"Search application and system logs for crashes, memory dumps, or error messages related to Mbed TLS processes.\\\",\\n \\\"Utilize endpoint detection and response (EDR) tools to identify unusual process behavior or memory corruption in applications linked to Mbed TLS.\\\",\\n \\\"Hunt for network connections from untrusted sources to internal systems running vulnerable Mbed TLS versions.\\\",\\n \\\"Correlate threat intelligence feeds for any mentions of CVE-2023-43615 exploitation in the wild.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00309 (percentile: 0.53566) as of 2025-11-23\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is a foundational cryptographic library used by numerous downstream products and embedded systems.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vulnerability description beyond 'buffer overflow'\\\", \\\"Specific CWE identifier\\\", \\\"Vendor-provided advisory link\\\", \\\"Information on whether exploitation leads to RCE or DoS\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: 0.3100 (from cves_euvd) vs 0.00309 (from cves_epss). The latter (0.00309) is used as it's explicitly sourced from EPSS and dated 2025-11-23.\\\", \\\"Severity label 'HIGH' in cves data vs CVSS base score of 7.5 (which is high, but not critical).\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed CWE-120 (Buffer Overflow) based on the description, though not explicitly stated.\\\", \\\"Interpreted potential for RCE and DoS based on typical buffer overflow impacts, though CVSS vector only specifies confidentiality impact.\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details and affected versions are clear, but lack of specific technical description and vendor advisory limits precise impact assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDSHAANRULB57GVS5B3DZHXL5KCC7OWQ/\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGRB5MO2KUJKYPMGXMIZH2WRH6QR5UZS/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"110\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-23775\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-23775\\\",\\n \\\"title\\\": \\\"Integer Overflow in Mbed TLS mbedtls_x509_set_extension() Leading to DoS\\\",\\n \\\"short_description\\\": \\\"An integer overflow vulnerability exists in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 within the mbedtls_x509_set_extension() function, allowing unauthenticated network attackers to cause a denial of service.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows remote attackers to crash Mbed TLS applications by sending crafted X.509 certificates with a large number of extensions, disrupting TLS handshakes and service availability without requiring authentication. Given Mbed TLS's widespread use in IoT and embedded systems, this DoS can impact device connectivity and secure communication channels.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-190\\\"],\\n \\\"weakness_summary\\\": \\\"Integer overflow in mbedtls_x509_set_extension() when processing X.509 certificate extensions, leading to resource exhaustion or application crash.\\\",\\n \\\"attack_surface\\\": \\\"Network-exposed TLS endpoints accepting X.509 certificates (servers, clients performing certificate validation).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitable by unauthenticated network attackers with low complexity; no user interaction required. No evidence of in-the-wild exploitation or public PoC was found in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS:3.1 AV:N/AC:L/PR:N/UI:N indicates network-accessible, low-complexity attack\\\", \\\"EPSS score 0.00291 (0.52040 percentile) suggests moderate exploitation likelihood\\\", \\\"No CISA KEV or vendor advisories indicating active exploitation were present in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with network-accessible, low-complexity exploit path for DoS. Mbed TLS is widely deployed in embedded/IoT devices, increasing potential blast radius. Immediate verification of affected versions and exposure is warranted, followed by patching.\\\",\\n \\\"recommended_sla\\\": \\\"Verify exposure within 72 hours; patch within 30 days.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (DoS); Confidentiality/Integrity: None\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation causes application crash or resource exhaustion via integer overflow in X.509 extension parsing, disrupting TLS handshakes and service availability.\\\",\\n \\\"blast_radius\\\": \\\"Medium to High - Mbed TLS is embedded in IoT devices, network equipment, and applications where TLS termination occurs. Internet-exposed TLS endpoints are primary targets.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"DoS on critical TLS-dependent services (e.g., VPN gateways, IoT device management) can disrupt operations. While no data theft occurs, service unavailability poses operational and reputational risks, especially in regulated sectors.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS 2.x before 2.28.7; Mbed TLS 3.x before 3.5.2\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.7 and later; Mbed TLS 3.5.2 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems using Mbed TLS for X.509 certificate parsing (default in TLS handshakes).\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - TLS endpoints accepting client certificates or performing certificate validation are directly exposed to network attacks.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote DoS via Malicious Client Certificate\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt TLS service availability by crashing the server during handshake.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts X.509 certificate with excessive extensions to trigger integer overflow\\\", \\\"Attacker initiates TLS handshake with target server, presenting malicious certificate\\\", \\\"Server's Mbed TLS mbedtls_x509_set_extension() overflows, causing crash or hang\\\"],\\n \\\"likely_targets\\\": \\\"Internet-exposed Mbed TLS servers (VPNs, IoT device management interfaces, embedded web servers)\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Client-Side DoS via Rogue Server Certificate\\\",\\n \\\"attacker_goal\\\": \\\"Crash Mbed TLS client applications by serving malicious server certificate.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker operates rogue TLS server with malicious certificate containing many extensions\\\", \\\"Mbed TLS client connects and attempts to validate server certificate\\\", \\\"Client's mbedtls_x509_set_extension() overflows, crashing client application\\\"],\\n \\\"likely_targets\\\": \\\"Embedded devices or applications using Mbed TLS as a client library\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.28.7 or later (2.x branch) or 3.5.2 or later (3.x branch) to resolve the integer overflow.\\\",\\n \\\"Audit all systems using Mbed TLS for certificate parsing, prioritizing internet-exposed TLS endpoints and embedded devices.\\\",\\n \\\"Implement network-level rate limiting or TLS termination proxies to filter malicious certificates before reaching vulnerable Mbed TLS instances.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with device vendors for embedded systems; test patches in non-production environments to avoid compatibility issues.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Identify Mbed TLS versions in use via asset inventory, dependency scanning, or runtime detection tools.\\\",\\n \\\"Confirm patch application by checking Mbed TLS version strings (e.g., MBEDTLS_VERSION_STRING) in application logs or runtime queries.\\\",\\n \\\"Monitor for post-patch stability issues or crashes during TLS handshakes to ensure compatibility.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of previous Mbed TLS libraries; plan rollback procedures if patching causes unexpected behavior in production systems.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor TLS handshake failures or application crashes with stack traces pointing to mbedtls_x509_set_extension() or X.509 parsing functions.\\\",\\n \\\"Alert on anomalous spikes in TLS connection resets or incomplete handshakes from single sources, potentially indicating DoS attempts.\\\",\\n \\\"Hunt for network traffic containing X.509 certificates with unusually high numbers of extensions (e.g., >10) using packet inspection or TLS proxies.\\\",\\n \\\"Deploy EDR/SIEM rules to detect repeated crashes of Mbed TLS-linked processes or services.\\\",\\n \\\"Correlate firewall logs for repeated connection attempts to TLS ports (e.g., 443, 993) followed by service unavailability.\\\",\\n \\\"Scan asset inventory for unpatched Mbed TLS versions (<2.28.7 or <3.5.2) and flag systems for urgent patching.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of in-the-wild exploitation found in input data.\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00291 (percentile: 0.52040)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is a widely used cryptographic library in embedded devices and third-party applications; vulnerable versions could propagate through software supply chains.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Vendor advisory URL\\\", \\\"Detailed technical analysis or PoC\\\", \\\"CISA KEV status\\\", \\\"Ransomware/campaign associations\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores differ between sources (0.2900 vs 0.00291); using 0.00291 as it is explicitly labeled as EPSS in input data.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'CWE-190' (Integer Overflow) as the CWE based on description; no explicit CWE was provided in input data.\\\", \\\"Inferred attack scenarios from vulnerability description and CVSS metrics.\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details (affected versions, CVSS) are present, but lack of vendor advisory or PoC limits exploitability assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"113\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-28960\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.2,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-28960\\\",\\n \\\"title\\\": \\\"Mbed TLS and Mbed Crypto PSA Crypto API Shared Memory Mishandling Vulnerability\\\",\\n \\\"short_description\\\": \\\"The PSA Crypto API in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto, mishandles shared memory, leading to potential information disclosure and integrity impacts.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated network-based attackers to read sensitive cryptographic material or process state from shared memory, potentially compromising confidentiality and integrity. Given Mbed TLS's widespread use in embedded systems and IoT devices, successful exploitation could expose cryptographic keys, session data, or other sensitive information, undermining the security of TLS connections and cryptographic operations.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"8.2\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-119\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Restriction of Operations within the Bounds of a Memory Buffer\\\",\\n \\\"attack_surface\\\": \\\"PSA Crypto API shared memory interface exposed to network-accessible contexts using affected Mbed TLS/Mbed Crypto versions.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of in-the-wild exploitation or public PoC was found in the input data. The vulnerability is network-accessible with low attack complexity and no authentication, making it moderately exploitable.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS:3.1 base score 8.2 indicates high severity\\\", \\\"EPSS score 0.00185 (percentile 0.40479) suggests low current exploitation likelihood\\\", \\\"No CISA KEV or ransomware association mentioned\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (8.2) with network-accessible, low-complexity exploitation path affecting cryptographic libraries. Immediate verification of affected versions and exposure is required to prevent potential information disclosure.\\\",\\n \\\"recommended_sla\\\": \\\"Initial verification within 24 hours; patch deployment within 7 days for exposed systems.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact (C:H), low integrity impact (I:L), no availability impact (A:N).\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can read sensitive information from shared memory, potentially exposing cryptographic keys, session data, or internal process state, leading to further compromise.\\\",\\n \\\"blast_radius\\\": \\\"Systems running Mbed TLS 2.18.0-2.28.7 or 3.0.0-3.5.x, and Mbed Crypto (unspecified versions), particularly those with network-exposed TLS endpoints or cryptographic operations.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High risk due to potential exposure of cryptographic material, which could lead to session hijacking, data decryption, or impersonation attacks. Widespread use in embedded/IoT devices increases exposure surface.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Mbed TLS\\\", \\\"Mbed Crypto\\\", \\\"Fedora 38\\\", \\\"Fedora 39\\\", \\\"Fedora 40\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS 2.18.0 through 2.28.x before 2.28.8; Mbed TLS 3.x before 3.6.0; Mbed Crypto (versions unspecified); Fedora 38, 39, 40\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.8, Mbed TLS 3.6.0\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems using PSA Crypto API with shared memory features enabled.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - vulnerability is network-accessible (AV:N) and affects TLS libraries commonly used in internet-facing services.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Cryptographic Key Extraction via Shared Memory\\\",\\n \\\"attacker_goal\\\": \\\"Extract cryptographic keys or session secrets from vulnerable Mbed TLS implementations.\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target system running affected Mbed TLS/Mbed Crypto versions with network-exposed TLS services.\\\", \\\"Craft network requests or TLS handshake messages that trigger PSA Crypto API shared memory operations.\\\", \\\"Exploit the memory mishandling to read sensitive data from shared memory regions.\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing IoT devices, embedded systems, or servers using Mbed TLS for TLS termination.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Session Data Disclosure in Embedded Systems\\\",\\n \\\"attacker_goal\\\": \\\"Compromise confidentiality of TLS sessions by reading session keys or initialization vectors from memory.\\\",\\n \\\"steps_high_level\\\": [\\\"Target embedded devices or IoT endpoints utilizing Mbed TLS for secure communications.\\\", \\\"Send specially crafted packets to trigger shared memory operations in the PSA Crypto API.\\\", \\\"Extract session-specific cryptographic material to decrypt or manipulate ongoing communications.\\\"],\\n \\\"likely_targets\\\": \\\"Embedded devices, IoT sensors, network equipment using Mbed TLS for cryptographic operations.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.28.8 or 3.6.0 immediately for all affected systems.\\\", \\\"Apply vendor-provided patches for Fedora 38, 39, and 40 distributions containing updated Mbed TLS packages.\\\", \\\"Restrict network access to systems running vulnerable versions using firewall rules or network segmentation until patches are applied.\\\"],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with maintenance windows; test patches in non-production environments first due to cryptographic library sensitivity.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version on all systems using 'mbedtls_version_string()' or package manager queries.\\\", \\\"Check for signs of exploitation in logs (unusual memory access patterns, failed TLS handshakes).\\\", \\\"Validate TLS functionality post-patch to ensure service continuity.\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of configuration files and binaries before patching; prepare rollback procedures if patch causes compatibility issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor network traffic for unusual TLS handshake patterns or repeated connection attempts to services using Mbed TLS.\\\",\\n \\\"Search logs for error messages related to PSA Crypto API failures or memory access violations in Mbed TLS processes.\\\",\\n \\\"Use EDR tools to detect anomalous memory read operations in processes utilizing Mbed TLS libraries.\\\",\\n \\\"Hunt for network scans targeting ports commonly associated with TLS-enabled services on potentially vulnerable systems.\\\",\\n \\\"Correlate EPSS score trends with internal telemetry to identify potential exploitation attempts.\\\",\\n \\\"Review SIEM alerts for unexpected process crashes or memory dumps in applications linked against Mbed TLS.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data.\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00185 (percentile 0.40479) as of 2025-11-23\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is a widely used cryptographic library in embedded systems and IoT devices, making this a potential supply chain issue.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected versions for Mbed Crypto\\\", \\\"Specific workarounds or temporary mitigations\\\", \\\"Vendor-provided exploitability assessments\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores vary between sources (0.1800 vs 0.00185) - using 0.00185 as it's from dedicated EPSS source with recent date\\\", \\\"Affected product scope includes Fedora distributions but specific package versions not detailed\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'mishandles shared memory' refers to memory safety issues allowing unauthorized reads\\\", \\\"Inferred exploitability based on CVSS metrics in absence of explicit exploitation evidence\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details and affected versions are clear, but lack of specific exploitation evidence and workarounds limits actionable guidance.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"115\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-45157\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-45157\\\",\\n \\\"title\\\": \\\"Mbed TLS PSA Subsystem Incorrect RNG Algorithm Selection\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions before 2.28.9 and 3.x before 3.6.1 contain a configuration flaw where enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG as documented. The system only uses HMAC_DRBG when both MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled, contrary to user expectations and documentation.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability undermines cryptographic security by causing the system to use a different random number generator (RNG) than the one selected by the user. This can lead to weaker-than-expected cryptographic operations, potentially compromising the confidentiality of encrypted data, session keys, and other security-sensitive operations that rely on strong entropy. The issue is particularly concerning because it silently violates the user's explicit security configuration, creating a false sense of security.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-325: Missing Cryptographic Step\\\", \\\"CWE-358: Improperly Implemented Security Check for Standard\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability stems from an incorrect implementation of the PSA cryptographic subsystem's RNG selection logic. The system fails to honor the user's explicit algorithm selection via the MBEDTLS_PSA_HMAC_DRBG_MD_TYPE configuration flag, instead falling back to default behavior that doesn't match documented functionality.\\\",\\n \\\"attack_surface\\\": \\\"The attack surface is limited to local access scenarios where an attacker can observe or influence cryptographic operations. This typically affects applications that use Mbed TLS for cryptographic functions, including TLS connections, certificate generation, key derivation, and encrypted storage operations.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Low\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires local access and high attack complexity to observe or influence cryptographic operations. The vulnerability does not provide direct code execution but could enable cryptographic attacks if combined with other weaknesses.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of active exploitation found in input data\\\", \\\"EPSS score of 0.00038 indicates low exploitation likelihood\\\", \\\"CVSS:3.1 vector shows local access requirement (AV:L) and high attack complexity (AC:H)\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"While the vulnerability affects cryptographic integrity, the high attack complexity and local access requirement reduce immediate risk. However, the silent nature of the configuration violation and potential for cryptographic weakening warrants scheduled patching within standard maintenance windows.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 90 days during regular maintenance cycle\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality impact is high (C:H), with no integrity or availability impact. The vulnerability could lead to weaker cryptographic operations than expected, potentially exposing sensitive data.\\\",\\n \\\"technical_impact_details\\\": \\\"The primary impact is on the strength of cryptographic operations. If exploited, this could result in predictable or weaker random number generation, compromising encryption strength, session security, and key generation processes. Applications relying on Mbed TLS for security-critical operations would be affected.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems using affected Mbed TLS versions with PSA cryptographic subsystem enabled. The impact scope depends on how extensively the organization uses Mbed TLS and whether HMAC_DRBG was explicitly selected for security requirements.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to the cryptographic nature of the vulnerability, but mitigated by the high attack complexity and local access requirements. Risk increases if Mbed TLS is used in high-security environments or for compliance-mandated cryptographic operations.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS versions before 2.28.9 and 3.x versions before 3.6.1\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.9 and 3.6.1\\\",\\n \\\"configuration_dependencies\\\": \\\"Vulnerability manifests when MBEDTLS_PSA_HMAC_DRBG_MD_TYPE is enabled. The system incorrectly uses HMAC_DRBG only when both MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low relevance for internet-facing systems unless Mbed TLS is used in server applications. The local access requirement limits exposure to systems where attackers already have some level of access.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Cryptographic Weakening via RNG Observation\\\",\\n \\\"attacker_goal\\\": \\\"Compromise cryptographic strength by exploiting weaker-than-expected RNG behavior\\\",\\n \\\"steps_high_level\\\": [\\\"Gain local access to system running vulnerable Mbed TLS version\\\", \\\"Monitor cryptographic operations that should use HMAC_DRBG\\\", \\\"Analyze random output to identify patterns or weaknesses in the actually-used RNG\\\", \\\"Exploit any discovered weaknesses in subsequent cryptographic attacks\\\"],\\n \\\"likely_targets\\\": \\\"Systems using Mbed TLS for high-value cryptographic operations, embedded devices, IoT devices, and applications with strict cryptographic compliance requirements\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Compliance Bypass via Silent Configuration Violation\\\",\\n \\\"attacker_goal\\\": \\\"Exploit the gap between documented and actual cryptographic behavior\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target system configured to meet specific cryptographic standards\\\", \\\"Verify that MBEDTLS_PSA_HMAC_DRBG_MD_TYPE is enabled as per security requirements\\\", \\\"Exploit the fact that the system is not actually using the expected RNG algorithm\\\", \\\"Leverage the weaker cryptographic implementation to compromise security controls\\\"],\\n \\\"likely_targets\\\": \\\"Organizations with regulatory compliance requirements mandating specific cryptographic algorithms, financial institutions, healthcare systems, and government applications\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Review\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.28.9 or 3.6.1 immediately to resolve the RNG selection issue\\\", \\\"Review and audit all Mbed TLS configurations to verify that cryptographic settings match intended security requirements\\\", \\\"Implement monitoring for cryptographic operations to detect any unexpected behavior or weak random number generation\\\"],\\n \\\"workarounds\\\": \\\"If immediate patching is not feasible, consider disabling the PSA cryptographic subsystem or ensuring that both MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled to force HMAC_DRBG usage as intended.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with application teams to ensure compatibility. Test the patch in non-production environments first, as RNG changes can affect cryptographic operations and key generation.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version is 2.28.9 or 3.6.1 after patching\\\", \\\"Confirm that enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE now correctly uses HMAC_DRBG\\\", \\\"Test cryptographic operations to ensure they produce expected results with the corrected RNG selection\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of previous Mbed TLS versions and configurations. If issues arise, rollback may be necessary, but this reintroduces the vulnerability. Consider alternative cryptographic libraries if persistent problems occur.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected cryptographic failures or weak key generation in applications using Mbed TLS\\\",\\n \\\"Implement entropy testing to verify that RNG outputs meet expected strength requirements\\\",\\n \\\"Search logs for configuration warnings or errors related to Mbed TLS PSA subsystem initialization\\\",\\n \\\"Hunt for processes accessing Mbed TLS libraries with versions matching the vulnerable range\\\",\\n \\\"Monitor for unusual cryptographic patterns or repeated random values that might indicate RNG weakness\\\",\\n \\\"Alert on any systems still running Mbed TLS versions below 2.28.9 or 3.6.1 after patch deployment deadline\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00038\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems and IoT devices, making this relevant to supply chain security, particularly for devices that cannot be easily patched.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory link\\\", \\\"Specific exploit code availability\\\", \\\"CISA KEV status\\\", \\\"Detailed affected version ranges beyond major version boundaries\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show minor variation between sources (0.0400 vs 0.00038), but both indicate low exploitation probability\\\", \\\"Limited information on real-world exploitation or proof-of-concept availability\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed that the vulnerability primarily affects systems where HMAC_DRBG was explicitly selected for security or compliance reasons\\\", \\\"Inferred that the local access requirement limits immediate threat despite high confidentiality impact\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear from the CVE description, but limited information on real-world impact and exploitation reduces confidence in business risk assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases/\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"119\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-27809\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-27809\\\",\\n \\\"title\\\": \\\"Mbed TLS Client-Side Improper Hostname Verification Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an attacker with a trusted certificate to impersonate any server, leading to potential man-in-the-middle (MITM) attacks against Mbed TLS client applications. The risk is conditional: applications that do not explicitly call mbedtls_ssl_set_hostname are vulnerable to accepting certificates for arbitrary hostnames, undermining TLS identity verification. This matters because it breaks the trust model for TLS clients, enabling credential theft, data exfiltration, or malicious code injection if clients communicate with a rogue server.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.4\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-297: Improper Validation of Certificate with Host Mismatch\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability stems from improper hostname validation in the TLS client. When the application does not invoke mbedtls_ssl_set_hostname, the client fails to enforce that the server's certificate matches the intended hostname, accepting any trusted certificate regardless of the hostname.\\\",\\n \\\"attack_surface\\\": \\\"Client-side TLS connections in applications using Mbed TLS for secure communication. The attack surface is limited to scenarios where an attacker can intercept or redirect client traffic to a server they control that possesses a trusted certificate.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires an attacker to possess a trusted certificate for an arbitrary hostname and be able to redirect or intercept client traffic (e.g., via DNS poisoning, ARP spoofing, or compromised infrastructure). The complexity is high due to the need for a trusted certificate and network positioning, but the vulnerability is inherent in the library's default behavior when hostname verification is not explicitly enabled.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of active exploitation in input data\\\", \\\"EPSS score indicates low probability of exploitation in the near term\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"The vulnerability has a medium CVSS score (5.4) with high attack complexity, requiring both a trusted certificate and network positioning to exploit. However, it affects the core TLS trust model for client applications. Prioritize patching in environments where Mbed TLS clients connect to external or untrusted networks without additional hostname verification controls. The absence of known active exploitation and low EPSS score support a scheduled patch approach rather than immediate emergency patching.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 90 days for internet-facing clients; 180 days for internal-only clients.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality and Integrity impacts are limited (C:L/I:L), with no Availability impact. An attacker can potentially read and modify data in transit if they can successfully MITM a vulnerable client connection.\\\",\\n \\\"technical_impact_details\\\": \\\"If exploited, an attacker with a trusted certificate can impersonate a legitimate server, leading to unauthorized access to sensitive data transmitted over TLS (e.g., credentials, session tokens, personal data). Data integrity is compromised if the attacker modifies requests or responses. The scope is changed (S:C) as multiple client connections could be affected if the library is widely deployed.\\\",\\n \\\"blast_radius\\\": \\\"The blast radius depends on the deployment of Mbed TLS clients within the organization. If used in critical systems (e.g., IoT devices, embedded systems, or server-to-server communication), the impact could be significant. Applications that do not call mbedtls_ssl_set_hostname are directly vulnerable.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Business risk is moderate. While the vulnerability undermines TLS security, exploitation requires significant prerequisites (trusted certificate and network access). Risk is higher for organizations with extensive Mbed TLS client deployments in untrusted network environments or those handling sensitive data without additional encryption layers. Compliance risks may arise if TLS verification is mandated by regulations.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS versions before 2.28.10 and 3.x versions before 3.6.3\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.10 and 3.6.3\\\",\\n \\\"configuration_dependencies\\\": \\\"Vulnerability applies only when the TLS client application does not call mbedtls_ssl_set_hostname to enable hostname verification.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing clients or devices connecting to external services, as they are more likely to encounter malicious actors capable of certificate impersonation.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Man-in-the-Middle via Trusted Certificate\\\",\\n \\\"attacker_goal\\\": \\\"Intercept sensitive data (e.g., credentials, API keys) transmitted by a vulnerable Mbed TLS client.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker obtains a trusted certificate for an arbitrary hostname (e.g., via compromised CA or misissued certificate).\\\", \\\"Attacker positions themselves to intercept client traffic (e.g., DNS spoofing, BGP hijacking, or compromised network device).\\\", \\\"Client connects to attacker's server, which presents the trusted certificate; client accepts it without hostname verification, enabling full MITM.\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices, embedded systems, or server applications using Mbed TLS clients to connect to external APIs or cloud services without explicit hostname checks.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Credential Harvesting from Embedded Device\\\",\\n \\\"attacker_goal\\\": \\\"Steal credentials or sensitive configuration data from an embedded device that uses Mbed TLS for outbound connections.\\\",\\n \\\"steps_high_level\\\": [\\\"Identify a vulnerable device that connects to a management server without hostname verification.\\\", \\\"Deploy a rogue server with a trusted certificate mimicking the legitimate server's identity.\\\", \\\"Redirect device traffic to the rogue server (e.g., via ARP spoofing or routing manipulation) to capture credentials or sensitive data.\\\"],\\n \\\"likely_targets\\\": \\\"Embedded devices in industrial control systems (ICS), medical devices, or consumer IoT products that rely on Mbed TLS for secure communication but lack proper hostname validation.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.28.10 or 3.6.3 immediately to enforce proper hostname verification by default.\\\", \\\"Review all applications using Mbed TLS to ensure mbedtls_ssl_set_hostname is called with the correct hostname parameter before initiating TLS connections.\\\", \\\"Implement network segmentation and monitoring to detect unauthorized certificate usage or MITM attempts on critical client connections.\\\"],\\n \\\"workarounds\\\": \\\"If patching is delayed, ensure all TLS client applications explicitly call mbedtls_ssl_set_hostname with the intended server hostname. Additionally, use certificate pinning or hardcoded trusted certificates to limit exposure.\\\",\\n \\\"patching_notes\\\": \\\"Patching requires updating the Mbed TLS library and recompiling/redeploying affected applications. Test patches in a non-production environment to ensure compatibility with existing TLS configurations.\\\",\\n \\\"verification_steps\\\": [\\\"Verify that Mbed TLS version is 2.28.10 or 3.6.3 using library version checks or package managers.\\\", \\\"Confirm that mbedtls_ssl_set_hostname is called in client code by reviewing application source or configuration files.\\\", \\\"Test TLS connections with invalid hostname certificates to ensure rejection, simulating an attack scenario.\\\"],\\n \\\"rollback_considerations\\\": \\\"If the patch causes compatibility issues, rollback to the previous version and enforce strict hostname verification via code changes or certificate pinning until a fix is available.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor network traffic for TLS connections where the client accepts certificates with hostname mismatches, using tools like Wireshark or Zeek.\\\",\\n \\\"Deploy EDR or network sensors to flag unexpected server certificates or connections to untrusted IPs from Mbed TLS clients.\\\",\\n \\\"Hunt for anomalous outbound connections from embedded devices or servers that may indicate redirection to rogue endpoints.\\\",\\n \\\"Review certificate transparency logs for suspicious certificates issued for internal or critical hostnames that could be used for impersonation.\\\",\\n \\\"Audit application logs for errors or warnings related to TLS handshake failures or certificate validation issues in Mbed TLS clients.\\\",\\n \\\"Use threat intelligence feeds to identify known malicious certificates or IPs associated with MITM attacks and correlate with client connections.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00045\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is a widely used cryptographic library in embedded systems and IoT devices, making this vulnerability relevant to supply chain security if vendors do not patch promptly.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges for CPE\\\", \\\"Vendor-specific advisory publication date\\\", \\\"Explicit confirmation of active exploitation status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores from different sources show minor discrepancies (0.0600 vs 0.00045), but both indicate low exploitation probability.\\\", \\\"CVSS score is provided as 5.4, but the vector string suggests 'High' attack complexity, which may lead to underestimation of exploit difficulty.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed that applications not calling mbedtls_ssl_set_hostname are the primary concern, based on the description.\\\", \\\"Inferred that trusted certificates are required for exploitation, as the description implies acceptance of 'trusted certificates for arbitrary hostnames'.\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but lack of explicit exploitation data and limited CPE specificity reduce confidence in blast radius assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"120\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-27810\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-27810\\\",\\n \\\"title\\\": \\\"Mbed TLS Uninitialized Stack Memory in TLS Finished Message Leading to Authentication Bypass\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions before 2.28.10 and 3.x before 3.6.3 use uninitialized stack memory to compose the TLS Finished message under specific error conditions (failed memory allocation or hardware errors). This can lead to authentication bypasses, such as replay attacks, by allowing an attacker to potentially predict or reuse authentication data.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability undermines the integrity of the TLS handshake's authentication mechanism. The TLS Finished message is a critical component that verifies the handshake was not tampered with. Using uninitialized memory can result in predictable or replayable values, enabling attackers to bypass authentication and potentially establish unauthorized encrypted sessions or replay previous sessions. Given TLS's widespread use in securing communications, this flaw could impact a vast range of IoT devices, embedded systems, and network services that rely on Mbed TLS for their cryptographic operations.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.4\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-908: Use of Uninitialized Resource\\\"],\\n \\\"weakness_summary\\\": \\\"The core weakness is the use of uninitialized stack memory in a critical security context. When memory allocation fails or hardware errors occur, the library fails to properly initialize the buffer used for the TLS Finished message. This can lead to the message being constructed from leftover stack data, which may be predictable or contain data from previous operations, breaking the cryptographic guarantee of the Finished message.\\\",\\n \\\"attack_surface\\\": \\\"The attack surface is the TLS handshake process in applications using vulnerable versions of Mbed TLS. This is network-accessible and can be triggered remotely. However, exploitation requires specific error conditions (memory allocation failure or hardware errors) to occur during the handshake, making the attack surface conditional rather than universal.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation is challenging due to the high attack complexity. An attacker must induce a memory allocation failure or hardware error during the TLS handshake to trigger the use of uninitialized memory. This likely requires a resource exhaustion attack (e.g., memory pressure) or targeting a system with unreliable hardware. Successfully triggering the flaw could allow for authentication bypasses like session replays, but the attacker has no control over the specific uninitialized data used.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of active exploitation was found in the input data.\\\", \\\"EPSS score is very low (0.00060), indicating a low probability of exploitation in the near term.\\\", \\\"The vulnerability requires specific, non-trivial conditions to be exploited.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"The vulnerability has a MEDIUM CVSS score (5.4) with a high attack complexity. While it affects a critical component (TLS authentication), successful exploitation requires inducing specific system error conditions (memory allocation failure or hardware errors), which is non-trivial. The low EPSS score further supports a lower immediate risk. Therefore, it should be patched in a scheduled maintenance window rather than treated as an emergency.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 90 days during a standard maintenance cycle.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality and Integrity are partially compromised (Low), with no impact on Availability. The primary impact is the potential for authentication bypass, which could lead to unauthorized access to encrypted data or session replay attacks.\\\",\\n \\\"technical_impact_details\\\": \\\"If successfully exploited, an attacker could bypass the authentication mechanism of a TLS session. This could allow them to either establish a new, seemingly valid session without proper authentication or replay a previous session's Finished message to resume that session illegitimately. The confidentiality of the session key is not directly compromised, but the integrity of the session establishment is weakened.\\\",\\n \\\"blast_radius\\\": \\\"The blast radius is potentially wide due to Mbed TLS's use in numerous IoT and embedded devices, but it is limited by the high attack complexity. Only systems experiencing memory allocation failures or hardware errors during the TLS handshake are susceptible to exploitation. The scope is set to 'Changed' (S:C) in the CVSS vector, indicating that the impact can extend to other components relying on the TLS session's integrity.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"The business risk is moderate (2 out of 5). While the vulnerability affects a core security protocol, the high attack complexity and the need for specific error conditions make successful exploitation unlikely in most environments. The primary risk is to systems with constrained resources (common in IoT) that are exposed to resource exhaustion attacks. For most enterprise environments with robust infrastructure, the immediate risk is low, but the potential for authentication bypass warrants patching.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS versions before 2.28.10 and all 3.x versions before 3.6.3.\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.10 and Mbed TLS 3.6.3.\\\",\\n \\\"configuration_dependencies\\\": \\\"The vulnerability is present in the core library and does not depend on specific configurations. However, exploitation is only possible when the system experiences memory allocation failures or hardware errors during the TLS handshake.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High. TLS is a fundamental protocol for securing internet communications. Any Mbed TLS-enabled service accessible over a network (especially the internet) is potentially exposed. However, the high attack complexity significantly reduces the practical risk from internet-based attackers.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Resource Exhaustion to Trigger Authentication Bypass\\\",\\n \\\"attacker_goal\\\": \\\"To bypass TLS authentication and either establish an unauthorized session or replay a previous session.\\\",\\n \\\"steps_high_level\\\": [\\\"The attacker identifies a target service using a vulnerable version of Mbed TLS.\\\", \\\"The attacker launches a resource exhaustion attack (e.g., flooding with connection requests, consuming server memory) to induce a memory allocation failure during a TLS handshake.\\\", \\\"If successful, the server uses uninitialized stack memory for the TLS Finished message, potentially creating a predictable or replayable authentication token.\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices, embedded systems, or servers with limited memory resources that use Mbed TLS and are exposed to the network.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Hardware Fault Injection to Exploit Uninitialized Memory\\\",\\n \\\"attacker_goal\\\": \\\"To trigger the vulnerability by inducing a hardware error, leading to an authentication bypass.\\\",\\n \\\"steps_high_level\\\": [\\\"An attacker with physical or close proximity access to a device using vulnerable Mbed TLS induces a hardware fault (e.g., voltage glitching, clock glitching) during the TLS handshake.\\\", \\\"The hardware error causes the library to follow the error path where uninitialized stack memory is used for the Finished message.\\\", \\\"The attacker captures the resulting session and analyzes the Finished message for predictability or reusability to bypass authentication.\\\"],\\n \\\"likely_targets\\\": \\\"Physically accessible embedded devices, smart cards, or secure elements that rely on Mbed TLS for cryptographic operations.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.28.10 or 3.6.3 immediately in all affected products and deployments.\\\", \\\"Conduct a thorough inventory of all systems, libraries, and embedded firmware to identify any instances of the vulnerable Mbed TLS versions.\\\", \\\"Implement monitoring for resource exhaustion attacks and memory allocation failures on systems that cannot be patched immediately.\\\"],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Patching is the primary remediation. For embedded systems, this may require a firmware update from the device vendor. Ensure that the patched version is thoroughly tested in a non-production environment to avoid compatibility issues.\\\",\\n \\\"verification_steps\\\": [\\\"Verify the Mbed TLS library version on all systems and confirm it is 2.28.10 or 3.6.3.\\\", \\\"Review system logs for any unusual TLS handshake failures or memory allocation errors around the time of patching.\\\", \\\"Perform connectivity tests to ensure that patched systems can still establish TLS connections correctly with clients and peers.\\\"],\\n \\\"rollback_considerations\\\": \\\"If the patch causes issues, rollback to the previous version is possible but will reintroduce the vulnerability. A rollback plan should include immediate re-implementation of any temporary mitigations and a schedule for re-applying the patch after resolving the compatibility issue.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated, failed TLS handshakes from the same source IP, which could indicate an attempt to induce memory allocation failures.\\\",\\n \\\"Hunt for anomalous patterns in TLS Finished messages, such as repeated or predictable values, using network traffic analysis tools.\\\",\\n \\\"Search logs for system-level memory allocation failures or hardware error messages coinciding with TLS connection attempts.\\\",\\n \\\"Deploy EDR or system monitoring to track memory usage spikes on servers hosting Mbed TLS applications, potentially indicating resource exhaustion attacks.\\\",\\n \\\"Use vulnerability scanning tools to periodically inventory Mbed TLS versions across the network.\\\",\\n \\\"Analyze network captures for session replay attempts, where an old session's Finished message is replayed in a new handshake context.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00060\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium. Mbed TLS is a widely used library in IoT and embedded systems. A vulnerability here could have a cascading effect on many downstream products, but the high attack complexity limits the immediate supply chain risk.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed information on which specific hardware errors can trigger the vulnerability.\\\", \\\"Explicit confirmation from the vendor regarding active exploitation.\\\", \\\"Specific workarounds or configuration changes that could mitigate the risk without patching.\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"There is a discrepancy in the EPSS scores provided by different sources (0.0700 vs 0.00060). The lower score (0.00060) from the dedicated EPSS source is considered more authoritative for this analysis.\\\"],\\n \\\"assumptions_made\\\": [\\\"It is assumed that 'authentication bypasses such as replays' implies that the uninitialized memory could lead to predictable or reusable Finished messages.\\\", \\\"It is assumed that the 'some cases' mentioned in the description refer specifically to the memory allocation failures and hardware errors.\\\"],\\n \\\"confidence\\\": \\\"Medium-High. The core vulnerability details are clear, but the practical exploitability is uncertain due to the high attack complexity and lack of specific technical details on triggering the error conditions.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"121\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-47917\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.9,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-47917\\\",\\n \\\"title\\\": \\\"Mbed TLS Use-After-Free Vulnerability in mbedtls_x509_string_to_names()\\\",\\n \\\"short_description\\\": \\\"Mbed TLS before 3.6.4 contains a use-after-free vulnerability in the mbedtls_x509_string_to_names() function. The function unexpectedly performs a deep free on an output argument, conflicting with documented behavior, leading to memory corruption in applications developed according to the documentation.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows remote attackers to potentially execute arbitrary code or cause denial of service on applications using affected Mbed TLS versions. The discrepancy between documented API behavior and actual implementation increases the likelihood of developers inadvertently introducing vulnerable code patterns, amplifying the risk of exploitation in production environments.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"8.9\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-416\\\"],\\n \\\"weakness_summary\\\": \\\"Use-after-free vulnerability in certificate name parsing function due to undocumented deep free operation on output parameter\\\",\\n \\\"attack_surface\\\": \\\"Network-facing applications using Mbed TLS for X.509 certificate processing\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires network access and specific application usage patterns, but no authentication or user interaction\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of active exploitation in input data\\\", \\\"EPSS score 0.03858 (87.7th percentile) suggests moderate exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (8.9) with potential for code execution, but high attack complexity reduces immediate threat. Requires urgent verification of affected applications and development practices.\\\",\\n \\\"recommended_sla\\\": \\\"72 hours for assessment, 30 days for remediation\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: Low, Integrity: High, Availability: High\\\",\\n \\\"technical_impact_details\\\": \\\"Use-after-free can lead to memory corruption, application crash, or remote code execution. Scope change (S:C) indicates potential impact beyond single component.\\\",\\n \\\"blast_radius\\\": \\\"Applications using Mbed TLS for X.509 certificate processing, particularly those following documented API usage patterns\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High technical severity with potential for complete system compromise, but mitigated by high attack complexity and requirement for specific application usage patterns\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"All versions before 3.6.4\\\",\\n \\\"fixed_versions\\\": \\\"3.6.4 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Applications must use mbedtls_x509_string_to_names() function with heap-allocated head argument\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - network-facing applications using TLS certificate processing are primary targets\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Code Execution via Certificate Processing\\\",\\n \\\"attacker_goal\\\": \\\"Execute arbitrary code on target system\\\",\\n \\\"steps_high_level\\\": [\\\"Craft malicious certificate with specially formatted name fields\\\", \\\"Trigger certificate parsing through TLS handshake or certificate validation\\\", \\\"Exploit use-after-free to gain code execution\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing servers using Mbed TLS for client authentication or certificate validation\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Denial of Service Attack\\\",\\n \\\"attacker_goal\\\": \\\"Crash application or cause system instability\\\",\\n \\\"steps_high_level\\\": [\\\"Send malformed certificate data to target application\\\", \\\"Trigger mbedtls_x509_string_to_names() function call\\\", \\\"Exploit memory corruption to cause application crash\\\"],\\n \\\"likely_targets\\\": \\\"Embedded systems or IoT devices using Mbed TLS library\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Code Review\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 3.6.4 or later immediately\\\", \\\"Review all application code using mbedtls_x509_string_to_names() for proper memory management\\\", \\\"Implement input validation and sanitization for certificate data processing\\\"],\\n \\\"workarounds\\\": \\\"Avoid using mbedtls_x509_string_to_names() with heap-allocated head arguments until patched\\\",\\n \\\"patching_notes\\\": \\\"Version 3.6.4 resolves the undocumented deep free behavior. Test thoroughly in development environment before production deployment.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version in all deployed applications\\\", \\\"Test certificate processing functionality after upgrade\\\", \\\"Review application logs for memory corruption indicators\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS version and application binaries. Monitor for performance degradation or compatibility issues post-upgrade.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for application crashes or abnormal termination in processes using Mbed TLS\\\",\\n \\\"Search logs for repeated certificate parsing failures or memory error messages\\\",\\n \\\"Implement memory sanitization tools to detect use-after-free patterns in development\\\",\\n \\\"Monitor network traffic for unusual certificate patterns or malformed TLS handshakes\\\",\\n \\\"Deploy endpoint detection for heap corruption indicators in Mbed TLS applications\\\",\\n \\\"Hunt for suspicious network connections attempting certificate-based authentication\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.03858 (87.7th percentile)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is widely used in embedded systems and IoT devices across multiple industries\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges\\\", \\\"Vendor-specific advisories beyond GitHub\\\", \\\"Exploitation timeline\\\", \\\"CISA KEV status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"No conflicts identified in provided data\\\"],\\n \\\"assumptions_made\\\": [\\\"High attack complexity based on CVSS vector analysis\\\", \\\"Applications following documentation are more likely affected\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed, but exploitation details and specific impact scenarios require additional vendor guidance\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"126\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-52496\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-52496\\\",\\n \\\"title\\\": \\\"Mbed TLS Race Condition in AESNI Detection Leading to Key Extraction or GCM Forgery\\\",\\n \\\"short_description\\\": \\\"Mbed TLS before 3.6.4 contains a race condition in AESNI detection under specific compiler optimizations. This vulnerability allows an attacker to potentially extract AES keys from a multithreaded program or perform GCM forgeries.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability directly threatens cryptographic key material confidentiality and message authenticity in applications using Mbed TLS. Successful exploitation could lead to complete compromise of encrypted communications, session hijacking, or data integrity violations. The race condition nature makes it particularly dangerous in multithreaded server environments where concurrent cryptographic operations occur.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-362\\\"],\\n \\\"weakness_summary\\\": \\\"Race condition in AESNI detection mechanism that can be triggered by compiler optimizations, leading to cryptographic key exposure or authentication bypass\\\",\\n \\\"attack_surface\\\": \\\"Local access to multithreaded applications using Mbed TLS cryptographic functions, particularly AES operations\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires local access to a multithreaded program using Mbed TLS with specific compiler optimizations. The race condition can be triggered to extract AES keys or perform GCM forgeries.\\\",\\n \\\"evidence_signals\\\": [\\\"No active exploitation reported in input data\\\", \\\"EPSS score indicates low current exploitation likelihood (0.00029)\\\", \\\"Vendor security advisory published\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Local\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.8) with potential for key extraction and GCM forgery. While exploit complexity is high and requires specific conditions (multithreaded environment + compiler optimizations), the impact on cryptographic operations justifies urgent assessment of exposure.\\\",\\n \\\"recommended_sla\\\": \\\"72 hours for exposure assessment, 30 days for remediation\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality and integrity impact with no availability impact\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation could result in complete compromise of AES encryption keys, enabling decryption of protected data or creation of forged authenticated messages. The scope change indicates potential for broader impact beyond initial local access.\\\",\\n \\\"blast_radius\\\": \\\"All multithreaded applications using affected Mbed TLS versions with compiler optimizations that trigger the race condition\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"Critical risk to cryptographic operations and data protection. While exploitation requires specific technical conditions, the potential for key extraction poses significant regulatory and compliance risks, especially in environments handling sensitive data.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"All versions before 3.6.4\\\",\\n \\\"fixed_versions\\\": \\\"3.6.4 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires multithreaded program execution with specific compiler optimizations enabled\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing services using Mbed TLS for TLS/SSL termination or cryptographic operations\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"AES Key Extraction Attack\\\",\\n \\\"attacker_goal\\\": \\\"Extract AES encryption keys from a multithreaded TLS server\\\",\\n \\\"steps_high_level\\\": [\\\"Gain local access to system running multithreaded Mbed TLS application\\\", \\\"Trigger race condition through concurrent cryptographic operations\\\", \\\"Exploit timing window to extract AES key material from memory\\\"],\\n \\\"likely_targets\\\": \\\"TLS/SSL servers, VPN endpoints, cryptographic service providers\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"GCM Forgery Attack\\\",\\n \\\"attacker_goal\\\": \\\"Create forged authenticated messages without valid credentials\\\",\\n \\\"steps_high_level\\\": [\\\"Access multithreaded application using Mbed TLS GCM mode\\\", \\\"Exploit race condition in AESNI detection\\\", \\\"Generate valid authentication tags for arbitrary messages\\\"],\\n \\\"likely_targets\\\": \\\"Applications using AES-GCM for message authentication, secure communication protocols\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 3.6.4 or later immediately\\\", \\\"Review compiler optimization settings in build configurations to identify potentially vulnerable compilation scenarios\\\", \\\"Implement runtime monitoring for unusual cryptographic operation patterns or key access attempts\\\"],\\n \\\"workarounds\\\": \\\"Consider disabling specific compiler optimizations that trigger the race condition if immediate patching is not feasible\\\",\\n \\\"patching_notes\\\": \\\"Version 3.6.4 contains the fix. Test patch compatibility with existing multithreaded applications before deployment.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version is 3.6.4 or later using version query APIs\\\", \\\"Review application logs for any unusual cryptographic errors or warnings\\\", \\\"Conduct cryptographic validation tests to ensure AES operations function correctly post-patch\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS library versions and application binaries. Test rollback procedures to ensure quick recovery if patch causes compatibility issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual patterns in AES cryptographic operations within multithreaded applications\\\",\\n \\\"Implement memory access monitoring around cryptographic key storage areas\\\",\\n \\\"Search for repeated authentication failures or invalid GCM tag verifications\\\",\\n \\\"Hunt for processes accessing Mbed TLS cryptographic contexts from unexpected threads\\\",\\n \\\"Monitor compiler optimization flags in build systems for potentially vulnerable configurations\\\",\\n \\\"Implement runtime detection of race condition patterns in AESNI detection code paths\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00029 (Percentile: 0.07131)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is widely used as a cryptographic library in embedded systems, IoT devices, and server applications\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed technical description of the race condition mechanism\\\", \\\"Specific compiler optimization flags that trigger vulnerability\\\", \\\"Vendor-provided exploitability assessment\\\", \\\"Information about affected hardware platforms\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"No conflicts identified in provided data\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'CWE-362' (Race Condition) based on vulnerability description, though not explicitly stated in input\\\", \\\"Interpreted 'GCM forgery' as authentication bypass capability\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but technical specifics about exploitation mechanics and compiler optimization requirements are limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md\\\",\\n \\\"https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"127\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-52497\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-52497\\\",\\n \\\"title\\\": \\\"Mbed TLS PEM Parsing Heap-Based Buffer Underflow\\\",\\n \\\"short_description\\\": \\\"Mbed TLS before 3.6.4 contains a one-byte heap-based buffer underflow vulnerability in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions when processing untrusted PEM input.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows remote attackers to potentially leak heap memory contents or cause limited denial-of-service conditions by sending crafted PEM data to applications using affected Mbed TLS versions. While exploitation requires high attack complexity and only results in limited confidentiality and availability impacts, Mbed TLS is widely used in embedded systems, IoT devices, and network services where memory corruption vulnerabilities can have significant security implications.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"4.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-124: Buffer Underwrite\\\"],\\n \\\"weakness_summary\\\": \\\"Heap-based buffer underflow in PEM parsing functions allows reading one byte before the buffer start, potentially exposing heap memory contents or causing application instability.\\\",\\n \\\"attack_surface\\\": \\\"Network-facing applications and services that accept PEM-encoded certificates, keys, or other cryptographic material from untrusted sources.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Low\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires sending specially crafted PEM input to vulnerable parsing functions. High attack complexity and limited impact reduce immediate threat.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of active exploitation in input data\\\", \\\"Low EPSS score (0.00103, 28.78th percentile) suggests limited real-world exploitation\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity with high attack complexity and limited impact. No evidence of active exploitation. Schedule patching during regular maintenance cycles while monitoring for exploitation developments.\\\",\\n \\\"recommended_sla\\\": \\\"90 days from vulnerability publication (by October 2, 2025)\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Limited confidentiality impact (memory leak) and limited availability impact (potential crash). No integrity impact.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation could leak one byte of heap memory preceding the buffer, potentially exposing sensitive data structures. May cause application crashes or instability in specific conditions.\\\",\\n \\\"blast_radius\\\": \\\"Applications and services using Mbed TLS versions before 3.6.4 that process PEM data from untrusted sources. Embedded systems and IoT devices may be particularly affected due to widespread Mbed TLS adoption.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Limited impact scope with high attack complexity reduces immediate business risk. However, memory corruption vulnerabilities in cryptographic libraries warrant attention due to potential for information disclosure in security-sensitive contexts.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"All versions before 3.6.4\\\",\\n \\\"fixed_versions\\\": \\\"3.6.4 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Applications must use affected PEM parsing functions (mbedtls_pem_read_buffer, mbedtls_pk_parse functions) with untrusted input.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High - Network-accessible services accepting PEM input from external sources are most exposed. Internal services with controlled input sources have lower exposure.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Memory Leak via Crafted PEM\\\",\\n \\\"attacker_goal\\\": \\\"Extract sensitive information from heap memory or cause service disruption\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker crafts malicious PEM data causing buffer underflow\\\", \\\"Sends crafted data to target service using Mbed TLS\\\", \\\"Observes memory leak or application crash behavior\\\"],\\n \\\"likely_targets\\\": \\\"Network services accepting certificate/key uploads, TLS termination points, embedded devices with management interfaces\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Information Gathering for Advanced Attacks\\\",\\n \\\"attacker_goal\\\": \\\"Leak cryptographic material or memory layout for follow-on exploitation\\\",\\n \\\"steps_high_level\\\": [\\\"Exploit buffer underflow to leak heap contents\\\", \\\"Analyze leaked data for cryptographic keys or pointers\\\", \\\"Use information to mount more sophisticated attacks\\\"],\\n \\\"likely_targets\\\": \\\"High-value systems where memory layout information could enable additional exploitation\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Input Validation\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 3.6.4 or later to resolve the buffer underflow vulnerability.\\\", \\\"Implement input validation and sanitization for all PEM data received from untrusted sources.\\\", \\\"Monitor and log abnormal PEM parsing behavior or application crashes for early detection of exploitation attempts.\\\"],\\n \\\"workarounds\\\": \\\"Restrict PEM input to trusted sources only. Implement rate limiting and input size restrictions for PEM data processing.\\\",\\n \\\"patching_notes\\\": \\\"Version 3.6.4 contains the fix. Test compatibility with existing applications before deployment. Consider backporting fixes if immediate upgrade is not feasible.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version is 3.6.4 or later using version checking functions or package management tools.\\\", \\\"Test PEM parsing functionality with legitimate inputs to ensure no regression.\\\", \\\"Review application logs for any PEM parsing errors or crashes that might indicate exploitation attempts.\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS version and application configuration. Test rollback procedures before deployment.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for abnormal PEM parsing errors or warnings in application logs\\\",\\n \\\"Detect repeated connection attempts with malformed PEM data patterns\\\",\\n \\\"Alert on unexpected application crashes or memory corruption in services using Mbed TLS\\\",\\n \\\"Hunt for network traffic containing unusual PEM structures or encoding patterns\\\",\\n \\\"Monitor heap memory usage patterns for anomalies during PEM processing\\\",\\n \\\"Search for exploitation attempts using known PEM parsing vulnerability signatures\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00103 (28.78th percentile)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems and IoT devices, making this relevant to supply chain security assessments\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed technical description of exploitation mechanics\\\", \\\"Specific affected version ranges beyond 'before 3.6.4'\\\", \\\"Vendor-provided exploitability assessment\\\", \\\"Information about backported fixes or workarounds\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"No conflicts identified in provided data\\\"],\\n \\\"assumptions_made\\\": [\\\"High attack complexity inferred from CVSS metrics\\\", \\\"Limited real-world exploitation assumed based on low EPSS score\\\", \\\"Network exposure assumed for most affected implementations\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited technical depth and exploitation information reduces confidence in comprehensive assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md\\\",\\n \\\"https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"129\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-59438\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-59438\\\",\\n \\\"title\\\": \\\"Mbed TLS Observable Timing Discrepancy\\\",\\n \\\"short_description\\\": \\\"Mbed TLS through version 3.6.4 contains an observable timing discrepancy vulnerability. This flaw allows remote attackers to obtain sensitive information via a timing side-channel attack against the TLS implementation.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers to exploit timing discrepancies to leak confidential information from TLS connections without requiring authentication. Given Mbed TLS's widespread use in embedded systems and IoT devices, this weakness could expose sensitive data in resource-constrained environments where cryptographic operations are performance-sensitive.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-208: Observable Timing Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability manifests as a timing side-channel that leaks information about internal cryptographic operations, potentially revealing details about padding validation or other cryptographic computations.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible TLS endpoints using affected Mbed TLS versions for cryptographic operations, particularly in scenarios where attackers can measure response timing with sufficient precision.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires precise timing measurements of cryptographic operations, typically achievable through network-based timing attacks. No authentication or special privileges are needed, but successful exploitation depends on the attacker's ability to measure timing differences accurately.\\\",\\n \\\"evidence_signals\\\": [\\\"Low EPSS score (0.00036) suggests limited immediate exploitation likelihood\\\", \\\"Medium CVSS score indicates moderate exploitability\\\", \\\"No evidence of public exploits or active exploitation in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (timing measurement capability required)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"While this timing side-channel could leak confidential information, the moderate CVSS score, low EPSS percentile (0.10124), and lack of documented exploitation reduce immediate urgency. However, the network-accessible nature and no authentication requirement warrant scheduled patching within standard maintenance windows.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 30-60 days during regular maintenance cycle\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality impact with potential information disclosure\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can potentially recover sensitive information from TLS connections through timing analysis, though the exact data that can be extracted depends on specific cryptographic operations being performed and the precision of timing measurements.\\\",\\n \\\"blast_radius\\\": \\\"All systems running Mbed TLS versions through 3.6.4 that process TLS connections from untrusted networks. Impact is particularly significant for embedded devices and IoT deployments where timing measurements might be more predictable.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to information disclosure potential, but limited by the technical complexity of successful timing attacks and the absence of immediate exploitation evidence. Risk increases for organizations with high-security requirements or those handling particularly sensitive data through affected TLS implementations.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"All versions through 3.6.4\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Any configuration using Mbed TLS for cryptographic operations, particularly TLS server implementations or client applications processing untrusted TLS connections.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing systems using Mbed TLS, as remote attackers can potentially exploit this vulnerability without authentication.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Timing Attack on TLS Server\\\",\\n \\\"attacker_goal\\\": \\\"Extract confidential information from TLS connections\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker establishes multiple TLS connections to vulnerable Mbed TLS server\\\", \\\"Attacker measures response timing with high precision across multiple connection attempts\\\", \\\"Attacker analyzes timing patterns to infer internal cryptographic state or recover sensitive data\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing embedded devices, IoT gateways, and resource-constrained systems using Mbed TLS\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Client-Side Information Leakage\\\",\\n \\\"attacker_goal\\\": \\\"Compromise client applications using Mbed TLS\\\",\\n \\\"steps_high_level\\\": [\\\"Malicious server or man-in-the-middle attacker processes client TLS connections\\\", \\\"Attacker manipulates TLS handshake or data to trigger timing-vulnerable code paths\\\", \\\"Attacker measures timing variations to extract client-side secrets or session information\\\"],\\n \\\"likely_targets\\\": \\\"Client applications and embedded devices connecting to untrusted networks\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to the latest version beyond 3.6.4 as specified in vendor security advisories\\\", \\\"Implement network-level protections such as rate limiting and connection throttling to reduce timing attack precision\\\", \\\"Deploy monitoring for unusual connection patterns or timing-based reconnaissance activities\\\"],\\n \\\"workarounds\\\": \\\"Consider implementing constant-time cryptographic operations or additional timing randomization at the application layer if immediate patching is not feasible.\\\",\\n \\\"patching_notes\\\": \\\"Refer to Mbed TLS security advisory for specific patching instructions and version requirements. Test patches in development environment before production deployment.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version is updated beyond 3.6.4 using version detection tools\\\", \\\"Test TLS functionality and performance after patch application\\\", \\\"Validate that timing characteristics of cryptographic operations have been addressed\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS version and configuration. Ensure rollback procedures are tested and documented in case of compatibility issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual patterns of TLS connection attempts from single sources with precise timing characteristics\\\",\\n \\\"Detect repeated connection establishment attempts that could indicate timing measurement activities\\\",\\n \\\"Hunt for network traffic showing abnormal TLS handshake patterns or connection timing analysis\\\",\\n \\\"Implement EDR monitoring for processes using Mbed TLS with focus on timing-related system calls\\\",\\n \\\"Use network monitoring tools to identify sources making high volumes of short-lived TLS connections\\\",\\n \\\"Correlate timing data with known attack patterns for side-channel exploitation attempts\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00036\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is widely used in embedded systems and IoT devices, making this relevant to supply chain security for organizations deploying such devices\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Specific fixed version number\\\", \\\"Detailed technical description of the timing discrepancy\\\", \\\"Vendor-provided exploitability assessment\\\", \\\"CISA KEV status determination\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"Limited information about the exact nature and impact of the timing discrepancy\\\", \\\"No explicit mention of whether this affects specific cryptographic algorithms or TLS protocol versions\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed timing attack requires network access and precise measurement capability\\\", \\\"Inferred that the vulnerability affects confidentiality but not integrity or availability based on CVSS metrics\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are documented, but specific exploitation techniques and exact impact scope require additional technical details from vendor advisories\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"130\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-3693\",\n            \"component_name\": \"cortex-r\",\n            \"component_version\": \"5\",\n            \"component_cpe\": \"cpe:2.3:h:arm:cortex-r:5:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/arm/cortex-r@5\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.6,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-3693\\\",\\n \\\"title\\\": \\\"Speculative Buffer Overflow (Spectre) in Microprocessors\\\",\\n \\\"short_description\\\": \\\"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability is a hardware-level speculative execution flaw (Spectre variant) that allows local attackers to read privileged kernel memory via side-channel analysis. It affects a vast range of Intel, ARM, and other processors, enabling information disclosure across security boundaries without direct memory access. The impact is confidentiality loss of sensitive data (passwords, keys, proprietary information) from kernel or hypervisor memory. Exploitation requires local access and specialized code execution, but successful attacks can bypass standard memory protection mechanisms.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.6\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\", \\\"CWE-200: Information Exposure\\\"],\\n \\\"weakness_summary\\\": \\\"Speculative execution flaw allowing out-of-bounds data access during branch prediction, leaking information through cache timing side-channels.\\\",\\n \\\"attack_surface\\\": \\\"Local access to affected processors; requires ability to execute code and measure timing differences.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No evidence of in-the-wild exploitation in input data; EPSS score suggests low current exploitation likelihood. Exploitation requires local code execution and precise timing measurements.\\\",\\n \\\"evidence_signals\\\": [\\\"EPSS score 0.00916 (low exploitation probability)\\\", \\\"No CISA KEV listing\\\", \\\"No public PoC references in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"Yes (local user access)\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium CVSS with high attack complexity and local-only access reduces immediate risk. However, affects core hardware across enterprise infrastructure. Prioritize patching during regular maintenance windows given low current exploitation evidence.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for critical systems; 180 days for general infrastructure\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: High (information disclosure); Integrity: None; Availability: None\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows reading privileged kernel memory, potentially exposing credentials, cryptographic keys, and sensitive application data. No system crash or data modification occurs.\\\",\\n \\\"blast_radius\\\": \\\"Enterprise-wide: affects Intel Atom, Core i3/i5/i7, Xeon (multiple generations), ARM Cortex-A/R series, and Oracle/Schneider/NetApp appliances. Virtualized environments may allow guest-to-host information leakage.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to broad hardware exposure and potential for credential/key theft, but mitigated by high attack complexity and lack of current exploitation evidence. Risk increases in multi-tenant cloud environments and systems processing highly sensitive data.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Intel Atom C/J/E/X3/Z series\\\", \\\"Intel Celeron J/N series\\\", \\\"Intel Core i3/i5/i7 (multiple generations)\\\", \\\"Intel Xeon E3/E5/E7/Bronze/Silver/Gold/Platinum series\\\", \\\"ARM Cortex-A/R series\\\", \\\"Oracle Communications Eagle Application Processor\\\", \\\"Schneider Electric StruxureWare Data Center Expert\\\", \\\"NetApp SolidFire Element OS Management Node\\\", \\\"Red Hat Enterprise Linux 6/7\\\"],\\n \\\"affected_versions\\\": \\\"All versions running on affected hardware\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires microcode/firmware updates from hardware vendors and corresponding OS kernel patches (e.g., Red Hat RHSA-2018:2384, RHSA-2018:2390)\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low direct relevance (local access required), but cloud/IaaS environments with shared hardware face elevated risk from multi-tenancy\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Local Privileged Information Disclosure\\\",\\n \\\"attacker_goal\\\": \\\"Extract kernel memory contents (credentials, cryptographic keys) from a compromised user session\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains local user access (low privileges) on affected system\\\", \\\"Attacker executes specially crafted code that triggers speculative buffer overflow during branch prediction\\\", \\\"Attacker uses cache timing side-channel to infer privileged memory contents\\\"],\\n \\\"likely_targets\\\": \\\"Multi-user systems, cloud instances with shared hardware, systems processing sensitive data\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Cross-VM Information Disclosure in Cloud\\\",\\n \\\"attacker_goal\\\": \\\"Extract sensitive data from co-located virtual machines on shared hardware\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker provisions cloud instance on shared physical host\\\", \\\"Attacker executes Spectre exploit code within their VM\\\", \\\"Attacker uses side-channel to sample cache timing from other VMs' memory access patterns\\\"],\\n \\\"likely_targets\\\": \\\"Multi-tenant cloud environments, IaaS platforms, virtualized data centers\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Hardware microcode updates + OS kernel patches\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided microcode/firmware updates for all affected Intel/ARM processors across enterprise infrastructure.\\\",\\n \\\"Deploy operating system kernel patches that implement speculative execution barriers (e.g., Red Hat RHSA-2018:2384, RHSA-2018:2390).\\\",\\n \\\"Segment critical workloads using hardware-isolated environments to prevent cross-VM exploitation in virtualized deployments.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable hyperthreading on critical systems (reduces side-channel effectiveness but impacts performance); restrict local code execution capabilities\\\",\\n \\\"patching_notes\\\": \\\"Patching requires coordinated hardware firmware updates and OS kernel patches. Performance degradation may occur due to speculative execution restrictions. Test patches in non-production environments first.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify microcode/firmware versions on all systems match vendor-recommended levels using platform-specific tools (e.g., Intel System Update Utility).\\\",\\n \\\"Confirm OS kernel patches are installed and active by checking kernel version and Spectre mitigation status (e.g., /sys/devices/system/cpu/vulnerabilities/spectre_v1).\\\",\\n \\\"Monitor system performance post-patch to identify any degradation requiring tuning or rollback.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Microcode updates may require system reboot; OS kernel patches can be rolled back via package management. Document performance baseline before patching to support rollback decisions.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual CPU-intensive processes executing cache timing measurement patterns (high-resolution timing calls, repeated memory access to specific addresses).\\\",\\n \\\"Alert on attempts to read /dev/mem or /dev/kmem devices, which may indicate attempts to map kernel memory for side-channel analysis.\\\",\\n \\\"Hunt for processes with suspicious memory mapping patterns (e.g., mapping large kernel address ranges) using EDR tools or sysmon logs.\\\",\\n \\\"Detect execution of known Spectre proof-of-concept code signatures using file integrity monitoring and anti-malware tools.\\\",\\n \\\"Monitor for unexpected outbound network connections from systems that may indicate exfiltration of stolen credentials or keys.\\\",\\n \\\"Correlate performance monitoring data (CPU cache miss rates, branch prediction efficiency) with process execution to identify potential exploitation attempts.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00916 (0.92 percentile)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High: affects hardware supply chain (Intel, ARM processors) and downstream vendors (Oracle, Schneider, NetApp, Red Hat)\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Detailed exploit technical details\\\", \\\"Vendor-specific mitigation guidance beyond Red Hat\\\", \\\"Performance impact quantification\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: cves_euvd shows 0.9200 while cves_epss shows 0.00916 - using cves_epss value as more recent (2025-11-23)\\\", \\\"Severity label 'MEDIUM' conflicts with high confidentiality impact - reflects CVSS 5.6 base score\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed local access requirement based on CVSS vector AV:L\\\", \\\"Inferred multi-tenant cloud risk from speculative execution nature\\\", \\\"Assumed performance impact from speculative execution restrictions\\\"],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability details are clear, but missing vendor-specific remediation timelines and performance impact data limit actionable guidance\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://access.redhat.com/errata/RHSA-2018:2384\\\",\\n \\\"https://access.redhat.com/errata/RHSA-2018:2390\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"1\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2018-18558\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2018-18558\\\",\\n \\\"title\\\": \\\"Espressif ESP-IDF 2.x/3.x Secure Boot Bypass via Bootloader Crafted Payload\\\",\\n \\\"short_description\\\": \\\"Insufficient validation in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code by crafting an application binary that overwrites bootloader code segments.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability undermines the secure boot mechanism in Espressif ESP32 IoT devices, permitting arbitrary code execution before OS initialization. Physical access enables attackers to compromise device integrity, deploy persistent firmware implants, exfiltrate secrets, or pivot to connected networks. The risk is elevated when flash encryption is disabled or when an attacker extracts keys, and it affects a wide range of IoT/embedded products built on ESP-IDF.\\\",\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"6.4\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-494: Download of Code Without Integrity Check\\\"],\\n \\\"weakness_summary\\\": \\\"The 2nd stage bootloader fails to properly validate segment data in the ESP image format, allowing a malicious application binary to overwrite bootloader code during the image-loading process.\\\",\\n \\\"attack_surface\\\": \\\"Physical access to flash memory or UART; exploitation occurs during boot before secure boot signature checks complete.\\\"\\n },\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires physical access, high attack complexity, and the ability to write a crafted binary to flash. No authentication or user interaction is needed, but the attacker must defeat flash encryption or operate where it is disabled.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"No public PoC references in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Physical access requirement and high complexity reduce immediate risk, but successful exploitation yields full device compromise. Prioritize patching in exposed or sensitive IoT deployments; pair with flash encryption and tamper protections.\\\",\\n \\\"recommended_sla\\\": \\\"Apply patches within 90 days; verify flash encryption is enabled and secure boot configured.\\\"\\n },\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality, integrity, and availability impact on the device; potential lateral movement if the device is network-connected.\\\",\\n \\\"technical_impact_details\\\": \\\"Arbitrary code execution at boot time bypasses secure boot, enabling persistent implants, key extraction, and firmware modification.\\\",\\n \\\"blast_radius\\\": \\\"Allows device-level compromise; network exposure and device fleet homogeneity amplify organizational risk.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Physical access barrier limits widespread abuse, but IoT devices in untrusted locations or with disabled flash encryption face significant risk of persistent compromise and supply-chain tampering.\\\"\\n },\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\"],\\n \\\"affected_versions\\\": \\\"ESP-IDF 2.x and 3.x before 3.0.6, and 3.1.x before 3.1.1\\\",\\n \\\"fixed_versions\\\": \\\"ESP-IDF 3.0.6 and 3.1.1\\\",\\n \\\"configuration_dependencies\\\": \\\"Risk is highest when flash encryption is not enabled or when an attacker extracts encryption keys.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices exposed to physical tampering (e.g., field IoT) are most relevant; network exposure alone is insufficient without physical access.\\\"\\n },\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Physical Tampering to Bypass Secure Boot\\\",\\n \\\"attacker_goal\\\": \\\"Install persistent firmware backdoor on an ESP32-based sensor or controller.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains physical access to device and connects a flash programmer or UART.\\\", \\\"Attacker reads flash contents and extracts keys if flash encryption is enabled; if disabled, proceeds directly.\\\", \\\"Attacker crafts a malicious application binary that overwrites the bootloader segment during process_segment, then flashes it to execute arbitrary code at next boot.\\\"],\\n \\\"likely_targets\\\": \\\"Field-deployed IoT sensors, smart devices, or embedded controllers in semi-trusted environments.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply-Chain Implant via Bootloader Corruption\\\",\\n \\\"attacker_goal\\\": \\\"Infect devices before deployment by injecting a malicious payload that bypasses secure boot.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker intercepts or tampers with devices during manufacturing or logistics.\\\", \\\"Attacker flashes a crafted binary that corrupts the bootloader’s segment handling to skip signature checks.\\\", \\\"Compromised device boots into attacker code, establishing persistence and exfiltrating credentials or data once deployed.\\\"],\\n \\\"likely_targets\\\": \\\"Bare PCBs or pre-flashed modules in transit; devices without flash encryption or with default keys.\\\"\\n }\\n ],\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Harden\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade ESP-IDF to version 3.0.6 or 3.1.1 (or later) to enforce proper segment validation in the 2nd stage bootloader.\\\",\\n \\\"Enable and enforce flash encryption with unique device keys, and implement secure boot with signature verification.\\\",\\n \\\"Apply physical tamper protections (tamper-evident enclosures, glue logic, secure debug disable) and restrict UART/flash access.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Enable flash encryption and secure boot if not already configured; restrict physical access to devices.\\\",\\n \\\"patching_notes\\\": \\\"Patching requires reflashing the bootloader and application; verify that existing keys and configurations remain valid post-update.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify the ESP-IDF version on devices matches 3.0.6+ or 3.1.1+ via boot logs or esptool.py.\\\",\\n \\\"Confirm flash encryption is active and secure boot is enabled using espefuse.py summary.\\\",\\n \\\"Perform integrity checks on bootloader and partition tables; monitor boot logs for anomalies.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Backup device configurations and keys before patching; test updates on non-production devices to avoid bricking.\\\"\\n },\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor boot logs for unexpected resets, bootloader errors, or signature verification failures.\\\",\\n \\\"Use EDR/asset inventory to flag ESP32 devices running outdated ESP-IDF versions.\\\",\\n \\\"Hunt for anomalous flash write patterns or unexpected application binaries via runtime attestation.\\\",\\n \\\"Deploy network monitoring to detect unusual outbound traffic from IoT devices post-boot.\\\",\\n \\\"Perform periodic physical inspections for tamper evidence on field-deployed devices.\\\",\\n \\\"Leverage secure boot failure counters and efuse state to identify attempted exploitation.\\\"\\n ],\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00036\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High relevance for supply-chain attacks due to physical access vector and boot-time compromise.\\\"\\n },\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed technical write-up or PoC\\\", \\\"Vendor-provided exploitability notes\\\", \\\"CISA KEV status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS percentile discrepancy: cves_euvd reports 0.0400 while cves_epss reports 0.00036; using cves_epss as authoritative source.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'physically proximate attacker' implies physical access to device interfaces (UART, flash).\\\", \\\"Assumed 'process_segment' refers to esp_image_format.c handling of segment loading.\\\"],\\n \\\"confidence\\\": \\\"Medium confidence due to limited exploit evidence and lack of detailed vendor advisory text in input.\\\"\\n },\\n \\\"references\\\": [\\n \\\"https://github.com/espressif/esp-idf/releases\\\",\\n \\\"https://www.espressif.com/en/news/Espressif_Product_Security_Advisory_Concerning_Secure_Boot_%28CVE-2018-18558%29\\\"\\n ],\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"46\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2017-13079\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2017-13079\\\",\\n \\\"title\\\": \\\"WPA/WPA2 IGTK Reinstallation Vulnerability (KRACK)\\\",\\n \\\"short_description\\\": \\\"Wi-Fi Protected Access (WPA and WPA2) implementations supporting IEEE 802.11w allow reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake. An attacker within radio range can exploit this to spoof frames from access points to clients, potentially injecting forged group-addressed frames.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers within radio range to spoof group-addressed frames from access points to clients, undermining the integrity of multicast/broadcast Wi‑Fi traffic. While it does not directly expose unicast data, it can be used to inject malicious management or control frames, disrupt connectivity, or facilitate man-in-the-middle attacks. The flaw affects a wide range of operating systems and Wi‑Fi stacks, making it a systemic risk for enterprise wireless networks.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-323: Reusing a Nonce, Key Pair in Encryption\\\"],\\n \\\"weakness_summary\\\": \\\"The vulnerability stems from improper handling of the four-way handshake, allowing an attacker to force reinstallation of the IGTK. This reuse of the IGTK nonce enables frame spoofing against group-addressed traffic.\\\",\\n \\\"attack_surface\\\": \\\"Wireless networks using WPA or WPA2 with IEEE 802.11w support; the attacker must be within radio range and able to manipulate handshake messages.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"Public proof-of-concept tools (e.g., KRACK attacks) demonstrate reliable exploitation. Attackers within radio range can intercept and replay handshake messages to force IGTK reinstallation and spoof frames.\\\",\\n \\\"evidence_signals\\\": [\\\"Public research and demonstrations of KRACK attacks are widely available.\\\", \\\"CVSS 3.0 metrics indicate adjacent network access and high attack complexity.\\\", \\\"No explicit evidence of active in-the-wild exploitation is present in the input data.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (wireless radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"The vulnerability has a moderate CVSS score (5.3) with high attack complexity and requires physical proximity. Public PoCs exist, but no evidence of widespread exploitation. Prioritize patching during regular maintenance windows for affected wireless infrastructure and clients.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 30–60 days; prioritize internet-facing or high-sensitivity wireless networks sooner.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity impact is high (I:H), with no direct confidentiality or availability impact. Attackers can spoof group-addressed frames, potentially injecting malicious content or disrupting network operations.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows spoofing of multicast/broadcast frames from AP to clients. This could enable injection of rogue management frames, ARP/DHCP poisoning, or bypassing network controls. Unicast data remains protected by the Pairwise Transient Key (PTK).\\\",\\n \\\"blast_radius\\\": \\\"All clients and access points on affected WPA/WPA2 networks within radio range are potentially vulnerable. The impact is localized to the wireless segment but can affect entire subnets if group-addressed traffic is manipulated.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to the need for physical proximity and high attack complexity. However, the widespread deployment of affected systems and the potential for frame injection in enterprise environments warrant proactive patching. Organizations with critical wireless-dependent operations or high-security requirements should treat this as a higher priority.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Ubuntu Linux\\\", \\\"Debian Linux\\\", \\\"FreeBSD\\\", \\\"Red Hat Enterprise Linux\\\", \\\"SUSE Linux Enterprise\\\", \\\"OpenSUSE Leap\\\"],\\n \\\"affected_versions\\\": \\\"Multiple versions of hostapd and wpa_supplicant up to and including 2.6; various OS distributions (Ubuntu 14.04/16.04/17.04, Debian 8.0/9.0, FreeBSD 10/11, RHEL 7, SUSE SLE 11/12, OpenSUSE Leap 42.2/42.3).\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires WPA/WPA2 with IEEE 802.11w support enabled. Networks without 802.11w are not affected by this specific IGTK reinstallation issue.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Indirect relevance: Internet-facing wireless networks or guest Wi-Fi may be more exposed to nearby attackers, but exploitation requires radio proximity, not internet routability.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Group-Addressed Frame Injection\\\",\\n \\\"attacker_goal\\\": \\\"Spoof multicast/broadcast frames to disrupt network operations or inject malicious content.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within radio range of target WPA/WPA2 network.\\\", \\\"Attacker intercepts and replays the four-way handshake to force IGTK reinstallation.\\\", \\\"Attacker uses the compromised IGTK to forge and inject group-addressed frames (e.g., ARP, DHCP, or management frames).\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise wireless networks, guest Wi-Fi, IoT devices relying on multicast protocols.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Man-in-the-Middle via Frame Spoofing\\\",\\n \\\"attacker_goal\\\": \\\"Facilitate man-in-the-middle attacks by manipulating group-addressed traffic.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker exploits IGTK reinstallation to spoof group-addressed frames.\\\", \\\"Attacker injects malicious ARP or DHCP responses to redirect client traffic.\\\", \\\"Attacker intercepts or modifies unicast traffic after successful redirection.\\\"],\\n \\\"likely_targets\\\": \\\"Corporate Wi-Fi networks with high client density; environments where multicast protocols are trusted.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply vendor-provided patches for affected operating systems and Wi-Fi stacks (e.g., hostapd, wpa_supplicant) to prevent IGTK reinstallation.\\\",\\n \\\"Disable IEEE 802.11w on access points and clients if not required, as this vulnerability specifically affects implementations with 802.11w support.\\\",\\n \\\"Implement network segmentation and monitoring to detect anomalous group-addressed frame patterns or handshake manipulation attempts.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable 802.11w if feasible; use wired connections for critical systems; restrict physical access to wireless coverage areas.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with change control processes; test patches in non-production environments first. Prioritize internet-facing or high-risk wireless networks.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify patch installation by checking hostapd/wpa_supplicant versions against vendor advisories.\\\",\\n \\\"Test wireless connectivity and performance post-patch to ensure no degradation.\\\",\\n \\\"Use wireless intrusion detection systems (WIDS) to monitor for handshake replay attempts or frame spoofing.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch configurations and firmware backups; plan rollback procedures if patching causes connectivity issues.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated four-way handshake messages or unexpected IGTK reinstallations using WIDS or packet analysis tools.\\\",\\n \\\"Alert on anomalous group-addressed frame patterns, such as unexpected ARP or DHCP broadcasts from APs.\\\",\\n \\\"Hunt for client-side disconnections or connectivity disruptions coinciding with handshake anomalies.\\\",\\n \\\"Analyze wireless logs for MAC addresses exhibiting handshake replay behavior or frame injection attempts.\\\",\\n \\\"Deploy endpoint detection (EDR) to identify clients receiving spoofed multicast frames or exhibiting MITM symptoms.\\\",\\n \\\"Correlate Wi-Fi events with network-level anomalies (e.g., ARP table poisoning, rogue DHCP servers).\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Public PoC tools for KRACK attacks are referenced in research; no specific URLs provided in input.\\\",\\n \\\"epss\\\": \\\"0.00265 (EPSS) / 0.2600 (EUV variant); both indicate low exploitation probability.\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High relevance due to widespread use of affected Wi-Fi stacks across operating systems and embedded devices.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions not specified\\\", \\\"No explicit CISA KEV or in-the-wild exploitation data\\\", \\\"Limited vendor advisory links\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores vary between sources (0.00265 vs 0.2600); using EPSS source value (0.00265) as authoritative.\\\", \\\"Severity label 'MEDIUM' conflicts with potential high impact in some contexts; aligned with CVSS 3.0 base score.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'Public PoC' status based on KRACK research, though no explicit PoC URL provided.\\\", \\\"Inferred attack scenarios from vulnerability description and Wi-Fi security principles.\\\"],\\n \\\"confidence\\\": \\\"Medium-High: Core vulnerability details are clear, but missing patch and exploitation specifics limit full confidence.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\\\",\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"90\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-36425\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-36425\\\",\\n \\\"title\\\": \\\"Arm Mbed TLS CRL Revocation Date Check Bypass\\\",\\n \\\"short_description\\\": \\\"Arm Mbed TLS before 2.24.0 incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. An attacker can exploit this by changing the local clock to bypass revocation checks.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows attackers to bypass certificate revocation checks by manipulating the local system clock, potentially enabling the use of revoked certificates and undermining PKI trust. It affects systems relying on Mbed TLS for TLS/DTLS connections and CRL-based revocation, which is common in IoT devices and embedded systems.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-295\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Certificate Validation - The implementation incorrectly validates certificate revocation status by checking against the local system clock rather than proper certificate validity periods and revocation timestamps.\\\",\\n \\\"attack_surface\\\": \\\"TLS/DTLS certificate validation in Mbed TLS library; CRL (Certificate Revocation List) processing; systems with clock manipulation capabilities\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires network access and ability to manipulate the local system clock, but no authentication or user interaction. The attack complexity is low, making it moderately exploitable in environments where clock control is possible.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score suggests low real-world exploitation likelihood\\\", \\\"Public GitHub issue referenced but no PoC exploit mentioned\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity with moderate exploitability. While the vulnerability affects certificate validation integrity, exploitation requires clock manipulation capability and affects specific Mbed TLS deployments. No active exploitation evidence. Schedule patching within standard maintenance windows.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for critical systems; 180 days for standard deployments\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Integrity impact - revoked certificates may be accepted as valid, potentially enabling man-in-the-middle attacks or unauthorized access\\\",\\n \\\"technical_impact_details\\\": \\\"When an attacker can control the system clock, revoked certificates appear valid if the clock is set before the revocation date. This breaks the certificate revocation mechanism and undermines PKI trust chains.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems using Mbed TLS <2.24.0 with CRL-based revocation enabled. Higher risk for IoT devices, embedded systems, and environments where clock manipulation is feasible.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to integrity impact on certificate validation. Risk is elevated in IoT/embedded deployments and systems with weak clock security controls, but mitigated by the specific prerequisites required for exploitation.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS versions before 2.24.0; Debian 10.0 (Buster) with vulnerable Mbed TLS packages\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.24.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems must have CRL-based certificate revocation enabled and be susceptible to clock manipulation\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing systems using Mbed TLS with certificate validation, particularly IoT devices and embedded systems exposed to network attacks\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Clock Manipulation Bypass Attack\\\",\\n \\\"attacker_goal\\\": \\\"Bypass certificate revocation checks to use revoked certificates for MITM or unauthorized access\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains ability to manipulate target system clock (via NTP poisoning, system access, or vulnerable time services)\\\", \\\"System clock set to date before certificate revocation date\\\", \\\"Mbed TLS accepts revoked certificate as valid due to incorrect revocationDate check\\\", \\\"Attacker establishes TLS connection using revoked certificate\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices, embedded systems, systems with weak NTP security, devices in untrusted network environments\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Deploy malicious firmware update using revoked signing certificate\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker compromises certificate authority or obtains revoked code signing certificate\\\", \\\"Target device clock manipulated to appear before revocation date\\\", \\\"Malicious firmware signed with revoked certificate accepted by Mbed TLS validation\\\", \\\"Device executes malicious firmware with system privileges\\\"],\\n \\\"likely_targets\\\": \\\"Embedded devices, IoT gateways, systems with automated update mechanisms and weak clock controls\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.24.0 or later to fix the revocation date check logic.\\\",\\n \\\"Implement strong NTP security controls including authenticated time sources and tamper detection for clock changes.\\\",\\n \\\"Deploy network monitoring to detect unusual clock changes and certificate validation failures in TLS connections.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable CRL-based revocation if not required; implement additional certificate pinning; use OCSP stapling instead of CRL checks where supported\\\",\\n \\\"patching_notes\\\": \\\"Test Mbed TLS 2.24.0+ compatibility with existing applications before deployment. Verify CRL functionality post-upgrade. Consider backward compatibility with older certificate chains.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version is 2.24.0 or later using library version check functions.\\\",\\n \\\"Test certificate revocation with current system time and verify proper rejection of revoked certificates.\\\",\\n \\\"Validate that clock manipulation no longer affects certificate validation by testing with modified system time.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS version and configuration. Test rollback procedures for applications dependent on specific TLS library behavior.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor system logs for unusual clock changes, NTP configuration modifications, or time service anomalies\\\",\\n \\\"Alert on TLS handshake failures or certificate validation errors in Mbed TLS applications\\\",\\n \\\"Hunt for connections using certificates with future or past validity periods relative to expected time ranges\\\",\\n \\\"Detect repeated certificate validation attempts with varying system clock settings\\\",\\n \\\"Monitor for CRL download failures or unusual CRL processing patterns in Mbed TLS logs\\\",\\n \\\"Alert on successful TLS connections using certificates known to be revoked in external threat intelligence\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00299\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects TLS library used in IoT and embedded devices; could enable supply chain attacks if combined with clock manipulation\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges for Debian packages\\\", \\\"Vendor patch release dates\\\", \\\"Specific CWE identifier\\\", \\\"Exploit maturity assessment\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (0.3000 vs 0.00299) - using latest EPSS value\\\", \\\"Limited information on real-world exploitation evidence\\\"],\\n \\\"assumptions_made\\\": [\\\"Clock manipulation capability assumed to be achievable through various attack vectors\\\", \\\"CRL-based revocation assumed to be enabled in affected deployments\\\", \\\"IoT/embedded systems considered primary risk area based on Mbed TLS typical usage\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details clear from description and references, but limited information on exploitation prevalence and specific deployment scenarios\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://bugs.gentoo.org/740108\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/issues/3340\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"66\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2023-52160\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2023-52160\\\",\\n \\\"title\\\": \\\"wpa_supplicant PEAP Authentication Bypass\\\",\\n \\\"short_description\\\": \\\"PEAP implementation in wpa_supplicant through version 2.10 contains a logic flaw that allows attackers to bypass Phase 2 authentication when TLS certificate verification is disabled, enabling impersonation of Enterprise Wi-Fi networks.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows adversaries to impersonate legitimate Enterprise Wi-Fi networks, potentially leading to credential harvesting, man-in-the-middle attacks, and unauthorized network access. The impact is particularly significant in enterprise environments where Wi-Fi authentication is a primary security boundary.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-287\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Authentication - The vulnerability exploits a flaw in PEAP implementation where EAP-TLV Success packets can bypass Phase 2 authentication when TLS certificate verification is disabled during Phase 1.\\\",\\n \\\"attack_surface\\\": \\\"Wi-Fi authentication layer, specifically PEAP protocol implementation in wpa_supplicant clients\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires the client to be configured with disabled TLS certificate verification and the attacker to send crafted EAP-TLV Success packets. No authentication is required, but user interaction (connecting to malicious network) is needed.\\\",\\n \\\"evidence_signals\\\": [\\\"EPSS score 0.03378 (3.38%)\\\", \\\"No evidence of active exploitation in input data\\\", \\\"Public vulnerability disclosure with technical details\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Local network access (Wi-Fi radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"Required (user must connect to malicious network)\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (requires specific client configuration)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity with moderate exploitability. Requires specific client configuration (disabled TLS verification) and user interaction. No evidence of active exploitation. Priority should focus on identifying misconfigured clients and applying patches during regular maintenance cycles.\\\",\\n \\\"recommended_sla\\\": \\\"30-60 days for patch deployment\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality impact is high (potential credential compromise), but requires specific configuration and user interaction. No integrity or availability impact.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows attackers to impersonate Enterprise Wi-Fi networks, potentially capturing authentication credentials and conducting man-in-the-middle attacks against network traffic.\\\",\\n \\\"blast_radius\\\": \\\"Medium - affects wpa_supplicant clients with PEAP configuration and disabled TLS certificate verification. Wide platform distribution (Linux, Android, Chrome OS, enterprise Linux distributions).\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to credential harvesting potential, but mitigated by requirement for specific client misconfiguration. Risk increases in environments with lax Wi-Fi security policies or widespread use of certificate verification bypass.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"wpa_supplicant\\\", \\\"Debian Linux\\\", \\\"Fedora\\\", \\\"Red Hat Enterprise Linux\\\", \\\"Android\\\", \\\"Chrome OS\\\", \\\"Linux Kernel\\\"],\\n \\\"affected_versions\\\": \\\"wpa_supplicant through version 2.10\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires wpa_supplicant configured with PEAP and disabled TLS certificate verification during Phase 1 authentication\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low - requires local Wi-Fi network access, not directly internet-exposed\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Enterprise Wi-Fi Impersonation Attack\\\",\\n \\\"attacker_goal\\\": \\\"Harvest enterprise credentials and intercept network traffic\\\",\\n \\\"steps_high_level\\\": [\\\"Set up rogue access point mimicking legitimate enterprise network\\\", \\\"Configure malicious RADIUS server with EAP-TLV Success packet injection capability\\\", \\\"Wait for misconfigured clients to connect and bypass Phase 2 authentication\\\"],\\n \\\"likely_targets\\\": \\\"Mobile devices and laptops with disabled certificate verification in enterprise environments\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Credential Harvesting via Evil Twin\\\",\\n \\\"attacker_goal\\\": \\\"Capture Wi-Fi authentication credentials\\\",\\n \\\"steps_high_level\\\": [\\\"Deploy evil twin access point with identical SSID to target network\\\", \\\"Exploit PEAP vulnerability to bypass authentication requirements\\\", \\\"Capture credentials and sensitive data from connected clients\\\"],\\n \\\"likely_targets\\\": \\\"Users with devices configured to automatically connect to trusted networks without certificate validation\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Configuration hardening and patch management\\\",\\n \\\"mitigation_action\\\": [\\\"Enforce mandatory TLS certificate verification for all PEAP connections in wpa_supplicant configuration\\\", \\\"Update wpa_supplicant to version 2.11 or later when available\\\", \\\"Implement network access control (NAC) to detect and block rogue access points\\\"],\\n \\\"workarounds\\\": \\\"Enable strict certificate verification for PEAP authentication; implement 802.1X network access control\\\",\\n \\\"patching_notes\\\": \\\"Check vendor-specific patch availability for affected distributions. Debian, Fedora, and RHEL have published security updates.\\\",\\n \\\"verification_steps\\\": [\\\"Verify wpa_supplicant configuration enforces certificate verification\\\", \\\"Test PEAP authentication with invalid certificates to confirm rejection\\\", \\\"Audit network for rogue access points and unauthorized Wi-Fi networks\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of wpa_supplicant configuration files before changes; test authentication functionality post-patch\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unexpected EAP-TLV Success packets in RADIUS authentication logs\\\",\\n \\\"Detect clients connecting to networks with disabled certificate verification using EDR/supplicant logs\\\",\\n \\\"Hunt for rogue access points broadcasting enterprise SSIDs using wireless intrusion detection systems\\\",\\n \\\"Monitor for authentication bypass events in wpa_supplicant debug logs\\\",\\n \\\"Detect man-in-the-middle patterns in network traffic analysis\\\",\\n \\\"Identify clients with misconfigured PEAP settings through configuration management audits\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.03378\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects core Wi-Fi authentication component widely distributed across Linux-based systems and embedded devices\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed version information\\\", \\\"Detailed exploit technical documentation\\\", \\\"Vendor patch availability timeline\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (3.38% vs 0.03378)\\\", \\\"Limited information on exploitability conditions and real-world attack scenarios\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed 'through 2.10' means versions 2.10 and earlier are affected\\\", \\\"Inferred exploitability based on CVSS metrics and vulnerability description\\\"],\\n \\\"confidence\\\": \\\"Medium - core vulnerability details are clear, but limited information on exploitation techniques and real-world impact\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"12\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2022-24893\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2022-24893\\\",\\n \\\"title\\\": \\\"ESP-IDF ESP-BLE-MESH Memory Corruption During Provisioning\\\",\\n \\\"short_description\\\": \\\"In Espressif’s Bluetooth Mesh SDK (ESP-BLE-MESH), a memory corruption vulnerability can be triggered during provisioning due to missing validation of the SegN field in the Transaction Start PDU, potentially allowing an attacker to gain control of the entire system.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an unauthenticated attacker with adjacent network access to potentially achieve full system control via memory corruption during the Bluetooth Mesh provisioning process. Successful exploitation could compromise device integrity, availability, and confidentiality, and may enable further lateral movement within a mesh network. The affected component (ESP-BLE-MESH SDK) is widely used in Espressif-based IoT devices, increasing the potential blast radius in environments with deployed ESP32/ESP8266-based mesh nodes.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-787\\\"],\\n \\\"weakness_summary\\\": \\\"Out-of-bounds write due to insufficient validation of the SegN field in the Transaction Start PDU during Bluetooth Mesh provisioning, leading to memory corruption.\\\",\\n \\\"attack_surface\\\": \\\"Bluetooth Low Energy (BLE) mesh provisioning interface; requires adjacent network access to the target device during provisioning phase.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires adjacent network access and specific timing during the provisioning process, with high attack complexity. No evidence of in-the-wild exploitation or public PoC was found in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of active exploitation in input data\\\", \\\"No public PoC references in input data\\\", \\\"EPSS score suggests relatively low exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (AV:A)\\\",\\n \\\"authentication_required\\\": \\\"None (PR:N)\\\",\\n \\\"user_interaction_required\\\": \\\"None (UI:N)\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High (AC:H)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with potential for complete system compromise, but high attack complexity and adjacent-only access reduce immediate risk. Requires urgent verification of affected device inventory and provisioning practices, followed by patching.\\\",\\n \\\"recommended_sla\\\": \\\"Initial verification within 72 hours; patching within 30 days for exposed devices\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High impact on confidentiality, integrity, and availability (C:H/I:H/A:H) with potential for complete system control.\\\",\\n \\\"technical_impact_details\\\": \\\"Memory corruption during BLE mesh provisioning can lead to arbitrary code execution, device crash, or unauthorized access to mesh network cryptographic material and configuration.\\\",\\n \\\"blast_radius\\\": \\\"Medium to High - affects all ESP-IDF versions 4.1.3, 4.2.3, 4.3.2, 4.4.1 and potentially other versions using ESP-BLE-MESH SDK. Impact scales with number of deployed Espressif-based IoT devices in mesh configurations.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High technical severity with potential for complete device compromise, but mitigated by high attack complexity and adjacent-only access requirements. Risk is elevated in environments with large-scale IoT deployments, critical infrastructure IoT systems, or devices with internet-accessible BLE interfaces.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\", \\\"ESP-BLE-MESH SDK\\\"],\\n \\\"affected_versions\\\": \\\"ESP-IDF 4.1.3, 4.2.3, 4.3.2, 4.4.1 (and potentially other versions)\\\",\\n \\\"fixed_versions\\\": \\\"Patches available for branches 4.1, 4.2, 4.3, and 4.4\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires devices using ESP-BLE-MESH SDK with Bluetooth Mesh provisioning enabled\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices with internet-accessible BLE interfaces or mesh gateways may be indirectly exposed; direct exploitation requires adjacent network access\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Adjacent Network Device Compromise During Provisioning\\\",\\n \\\"attacker_goal\\\": \\\"Gain control of target IoT device during Bluetooth mesh provisioning process\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker positions within BLE range of target device during provisioning\\\", \\\"Attacker sends malicious Transaction Start PDU with crafted SegN field\\\", \\\"Target device experiences memory corruption leading to potential code execution\\\"],\\n \\\"likely_targets\\\": \\\"ESP32/ESP8266-based IoT devices undergoing mesh network provisioning in enterprise IoT deployments, smart building systems, or industrial IoT environments\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Mesh Network Lateral Movement\\\",\\n \\\"attacker_goal\\\": \\\"Compromise multiple devices in a Bluetooth mesh network through cascading exploitation\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker compromises initial device during provisioning using CVE-2022-24893\\\", \\\"Compromised device is used to attack other devices during their provisioning phases\\\", \\\"Attacker establishes persistent access across the mesh network\\\"],\\n \\\"likely_targets\\\": \\\"Large-scale Bluetooth mesh deployments such as smart lighting systems, building automation, or sensor networks where multiple devices are provisioned in sequence\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Management\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade ESP-IDF to patched versions on branches 4.1, 4.2, 4.3, or 4.4 as specified in vendor advisories.\\\",\\n \\\"Implement network segmentation to isolate Bluetooth mesh provisioning activities from untrusted networks and devices.\\\",\\n \\\"Enable monitoring and logging for Bluetooth mesh provisioning events to detect anomalous SegN field values or provisioning failures.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Restrict physical and RF access to devices during provisioning; implement provisioning in controlled environments; use network access controls to limit BLE exposure\\\",\\n \\\"patching_notes\\\": \\\"Patches are available across multiple ESP-IDF branches (4.1, 4.2, 4.3, 4.4); organizations should prioritize patching based on device exposure and criticality. Verify compatibility with existing firmware before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all Espressif-based devices and verify ESP-IDF versions against affected version list.\\\",\\n \\\"Review Bluetooth mesh provisioning logs for any anomalous activity or failed provisioning attempts.\\\",\\n \\\"Test patched firmware in isolated environment before production deployment to ensure functionality and compatibility.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of current firmware before patching; ensure provisioning process can be safely interrupted and resumed; validate mesh network connectivity post-rollback\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor BLE provisioning traffic for anomalous SegN field values or out-of-range parameters in Transaction Start PDUs\\\",\\n \\\"Alert on repeated failed provisioning attempts or device crashes during Bluetooth mesh setup\\\",\\n \\\"Hunt for unexpected device behavior or memory corruption indicators in ESP32/ESP8266 system logs\\\",\\n \\\"Monitor for unauthorized devices attempting to provision or join mesh networks\\\",\\n \\\"Search for abnormal memory usage patterns or stack/heap corruption in Espressif device logs\\\",\\n \\\"Correlate timing of device provisioning events with any reported security incidents or anomalies\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00109\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects Espressif's official development framework used in numerous IoT products; patching requires firmware updates to embedded devices\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges beyond specific point releases\\\", \\\"Exact patch versions or commit hashes\\\", \\\"Information about backporting to older branches\\\", \\\"Vendor-specific exploitability assessments\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy between sources (0.1100 vs 0.00109)\\\", \\\"Limited detail on whether vulnerability affects only provisioning phase or persists post-provisioning\\\", \\\"Unclear if vulnerability requires specific ESP-BLE-MESH configuration options\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed CWE-787 based on memory corruption description\\\", \\\"Inferred that vulnerability primarily affects provisioning phase based on description\\\", \\\"Assumed adjacent network access requirement from CVSS vector\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but limited information about exploitation prerequisites and specific affected configurations reduces confidence in precise risk assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"35\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2015-4143\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": null,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2015-4143\\\",\\n \\\"title\\\": \\\"EAP-pwd Out-of-Bounds Read DoS in hostapd and wpa_supplicant\\\",\\n \\\"short_description\\\": \\\"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted Commit or Confirm message payload.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables remote, unauthenticated attackers to crash critical Wi‑Fi authentication services (hostapd and wpa_supplicant) by sending malformed EAP-pwd messages, leading to service disruption for access points and clients. It affects a wide range of versions and can be triggered over the network without credentials, making it relevant for any deployment using EAP-pwd authentication.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"2.0\\\",\\n \\\"cvss_base_score\\\": \\\"5.0\\\",\\n \\\"cvss_vector\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-125\\\"],\\n \\\"weakness_summary\\\": \\\"Out-of-bounds read due to missing payload length validation in EAP-pwd Commit/Confirm message handling.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible EAP-pwd authentication endpoints (hostapd server or wpa_supplicant peer).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Remote, unauthenticated attackers can trigger a DoS via crafted EAP-pwd messages; no public PoC or in-the-wild exploitation is indicated in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"No explicit evidence of active exploitation in input data\\\", \\\"EPSS score suggests low real-world exploitation likelihood\\\", \\\"Vendor security advisory referenced in input\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS with remote, unauthenticated trigger but no evidence of active exploitation; patching should be scheduled within standard maintenance windows unless EAP-pwd is mission-critical.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 30–60 days; prioritize if EAP-pwd is in use on internet-facing or critical infrastructure.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Denial of Service (Availability)\\\",\\n \\\"technical_impact_details\\\": \\\"Out-of-bounds read leading to process crash in hostapd (AP) or wpa_supplicant (client), disrupting Wi‑Fi authentication and connectivity.\\\",\\n \\\"blast_radius\\\": \\\"All deployments using EAP-pwd with affected versions of hostapd or wpa_supplicant; exposure limited to EAP-pwd-enabled networks.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk: DoS can disrupt Wi‑Fi services, but impact is contained to EAP-pwd authentication; no evidence of compromise or data exposure. Risk increases if EAP-pwd is used on critical or internet-facing systems.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi wpa_supplicant\\\", \\\"w1.fi hostapd\\\", \\\"openSUSE 13.1\\\", \\\"openSUSE 13.2\\\"],\\n \\\"affected_versions\\\": \\\"wpa_supplicant 1.0–2.4; hostapd 1.0–2.4; openSUSE 13.1–13.2\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires EAP-pwd authentication to be enabled and network access to the EAP-pwd endpoint.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Relevant if EAP-pwd services are internet-accessible; otherwise limited to local network exposure.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote DoS Against Enterprise AP\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt Wi‑Fi authentication service on an access point using EAP-pwd.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies an AP with EAP-pwd enabled (e.g., via 802.11 probe or network recon).\\\", \\\"Craft a malformed EAP-pwd Commit or Confirm message with invalid payload length.\\\", \\\"Send the crafted message to the AP's hostapd service, triggering an out-of-bounds read and crash.\\\"],\\n \\\"likely_targets\\\": \\\"Enterprise access points or controllers using EAP-pwd for Wi‑Fi authentication.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Client-Side DoS via Rogue AP\\\",\\n \\\"attacker_goal\\\": \\\"Crash wpa_supplicant on a client device during EAP-pwd authentication.\\\",\\n \\\"steps_high_level\\\": [\\\"Set up a rogue AP configured to use EAP-pwd.\\\", \\\"Wait for a client to attempt association and EAP-pwd exchange.\\\", \\\"Respond with a crafted Confirm message to trigger an out-of-bounds read in the client's wpa_supplicant, causing a crash.\\\"],\\n \\\"likely_targets\\\": \\\"Client devices (laptops, mobile) using wpa_supplicant with EAP-pwd.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch or Disable EAP-pwd\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Update hostapd and wpa_supplicant to versions beyond 2.4 that include the missing payload length validation fix.\\\",\\n \\\"Disable EAP-pwd authentication on APs and clients if it is not required, switching to alternative EAP methods (e.g., EAP-TLS, PEAP).\\\",\\n \\\"Implement network segmentation and access controls to restrict EAP-pwd traffic to trusted sources only.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable EAP-pwd authentication where feasible; apply patches during maintenance windows.\\\",\\n \\\"patching_notes\\\": \\\"Verify patches with vendor-specific advisories; test in non-production environments first.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm current versions of hostapd and wpa_supplicant in use across APs and clients.\\\",\\n \\\"Check configuration files to identify any EAP-pwd enabled SSIDs or supplicant profiles.\\\",\\n \\\"After patching, monitor logs for crashes or anomalies during EAP authentication.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Ensure backup of configurations before patching; plan rollback procedure if patch causes instability.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor hostapd and wpa_supplicant logs for unexpected crashes or out-of-bounds read errors during EAP exchanges.\\\",\\n \\\"Use IDS/IPS rules to detect malformed EAP-pwd Commit/Confirm messages (e.g., anomalous payload lengths).\\\",\\n \\\"Alert on repeated EAP authentication failures or service restarts on APs or clients using EAP-pwd.\\\",\\n \\\"Correlate network traffic captures with EAP-pwd message structures to identify crafted payloads.\\\",\\n \\\"Deploy endpoint monitoring (EDR) to detect wpa_supplicant or hostapd process crashes.\\\",\\n \\\"Hunt for rogue APs advertising EAP-pwd to identify potential attack vectors.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.01205 (percentile 0.78347)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects widely used Wi‑Fi authentication components (hostapd, wpa_supplicant) embedded in many Linux distributions and devices.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CVSS vector string\\\", \\\"Fixed versions\\\", \\\"Detailed vendor patch links\\\", \\\"Evidence of active exploitation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"CVSS base score discrepancy: cves_euvd reports 5.0 (v2.0), while cves reports 0.0; using 5.0 as authoritative.\\\", \\\"EPSS values differ between sources (1.2000 vs 0.01205); using cves_epss value for consistency.\\\"],\\n \\\"assumptions_made\\\": [\\\"EAP-pwd must be enabled for exploitability; assumed not default in most deployments.\\\", \\\"DoS impact is service-specific and does not lead to broader system compromise.\\\"],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability details are clear, but missing patch and exploitation data limit precision.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html\\\",\\n \\\"http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"58\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-9496\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-9496\\\",\\n \\\"title\\\": \\\"hostapd SAE Authentication Invalid Sequence DoS\\\",\\n \\\"short_description\\\": \\\"An invalid authentication sequence in hostapd (AP mode) when processing the SAE confirm message causes the process to terminate due to missing state validation, leading to denial of service. Both hostapd with SAE support and wpa_supplicant with SAE support up to and including version 2.7 are affected.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an unauthenticated network attacker to crash hostapd, disrupting Wi‑Fi access point services and causing availability impact. The attack requires no authentication or user interaction and can be performed remotely over the network, making it straightforward to exploit in environments where the AP is reachable. Given hostapd's role in enterprise and embedded Wi‑Fi infrastructure, successful exploitation can lead to service outages, user productivity loss, and potential bypass of network access controls if failover mechanisms are not properly configured.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.0\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"Missing state validation during SAE (Simultaneous Authentication of Equals) confirm message processing in hostapd/AP mode allows an invalid authentication sequence to trigger process termination.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible hostapd service in AP mode with SAE support enabled; attackers can send crafted SAE confirm messages without authentication.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation is network-based and requires no authentication or user interaction; however, the attacker must be able to reach the hostapd service on the AP. No public evidence of in-the-wild exploitation or PoC was found in the input data.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.0 base score 7.5 with network attack vector and high availability impact\\\", \\\"EPSS score 0.02156 (percentile 0.83726) suggests moderate exploitation likelihood\\\", \\\"No explicit PoC or active exploitation signals present in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with network-accessible, low-complexity DoS vector affecting critical Wi‑Fi infrastructure. Immediate verification of affected hostapd/wpa_supplicant versions and exposure is warranted, followed by patching within standard maintenance windows.\\\",\\n \\\"recommended_sla\\\": \\\"Verify exposure within 72 hours; apply patches within 14 days or next maintenance window.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (process crash leading to DoS); Confidentiality/Integrity: None\\\",\\n \\\"technical_impact_details\\\": \\\"Attackers can remotely crash the hostapd process by sending an invalid SAE confirm message sequence, causing Wi‑Fi AP service disruption. Repeated exploitation can sustain DoS. No evidence of code execution or information disclosure.\\\",\\n \\\"blast_radius\\\": \\\"All hostapd instances in AP mode with SAE support enabled and reachable from untrusted networks; embedded devices, routers, and enterprise APs using affected wpa_supplicant/hostapd versions.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Significant availability risk for Wi‑Fi services, especially in environments with internet-exposed APs or guest networks. DoS can disrupt operations and user access, but no data theft or system compromise is indicated. Risk is elevated if compensating controls (rate limiting, network segmentation) are absent.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"w1.fi hostapd\\\", \\\"w1.fi wpa_supplicant\\\", \\\"Fedora 28\\\", \\\"Fedora 29\\\", \\\"Fedora 30\\\"],\\n \\\"affected_versions\\\": \\\"All versions of hostapd with SAE support; wpa_supplicant with SAE support up to and including version 2.7\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"SAE (WPA3) support must be enabled; hostapd must be operating in AP mode for the vulnerability to be triggered.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High if APs are internet-facing or accessible from untrusted networks; otherwise moderate if segmented.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote DoS Against Guest Wi‑Fi AP\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt guest Wi‑Fi services by crashing the hostapd process.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies an internet-facing or network-accessible AP running hostapd with SAE enabled.\\\", \\\"Attacker crafts and sends an invalid SAE confirm message sequence to the AP.\\\", \\\"hostapd fails state validation and terminates, causing Wi‑Fi service outage until restart.\\\"],\\n \\\"likely_targets\\\": \\\"Guest Wi‑Fi networks, public hotspots, enterprise edge APs with external exposure.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Sustained DoS via Automation\\\",\\n \\\"attacker_goal\\\": \\\"Maintain prolonged service disruption by repeatedly triggering the crash.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker develops a simple script to send invalid SAE confirm messages at intervals.\\\", \\\"Script targets one or more APs, crashing hostapd each time it restarts.\\\", \\\"Service remains unavailable or degraded until patching or network-level mitigations are applied.\\\"],\\n \\\"likely_targets\\\": \\\"Organizations with unpatched hostapd and limited monitoring/restart resilience.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Compensating Controls\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Update hostapd and wpa_supplicant to versions beyond 2.7 that include fixes for SAE state validation.\\\",\\n \\\"Apply network segmentation and firewall rules to restrict access to hostapd management interfaces from untrusted networks.\\\",\\n \\\"Deploy monitoring and automated restart mechanisms (e.g., systemd, watchdog) to detect crashes and restore service while patching is scheduled.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable SAE (WPA3) support if not required; however, this reduces security and is not recommended as a long-term solution.\\\",\\n \\\"patching_notes\\\": \\\"Verify compatibility of updated hostapd/wpa_supplicant with existing hardware and client devices before deployment. Prioritize internet-facing and critical APs.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all systems running hostapd/wpa_supplicant and check versions against affected range.\\\",\\n \\\"Confirm SAE is enabled on APs and assess network exposure (internet-facing, guest networks).\\\",\\n \\\"After patching, validate Wi‑Fi connectivity and SAE authentication to ensure no regressions.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backups of configuration files and previous package versions; test rollback procedures in a non-production environment.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor hostapd process crashes and restarts via system logs (syslog, journalctl) and EDR/sysmon events.\\\",\\n \\\"Alert on repeated authentication failures or malformed SAE frames from single sources using Wi‑Fi monitoring tools or IDS/IPS.\\\",\\n \\\"Hunt for network scans or probes targeting TCP/udp ports associated with hostapd on APs.\\\",\\n \\\"Correlate Wi‑Fi service outages with spikes in authentication-related traffic from external IPs.\\\",\\n \\\"Deploy netflow/sFlow analysis to detect anomalous SAE message patterns or high rates of confirm messages.\\\",\\n \\\"Use AP health dashboards to track unexpected service interruptions and correlate with patch status.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.02156\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Embedded devices, routers, and Linux distributions shipping affected hostapd/wpa_supplicant versions may be impacted; assess third-party firmware and OEM patches.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identifiers\\\", \\\"Explicit fixed versions\\\", \\\"Vendor patch/advisory links\\\", \\\"Detailed exploit code or PoC references\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores differ between sources (2.1600 vs 0.02156); using the EPSS source value (0.02156) as authoritative.\\\", \\\"Affected products list includes Fedora OS entries but specific package versions are not detailed.\\\"],\\n \\\"assumptions_made\\\": [\\\"SAE support is implied to be enabled for vulnerability trigger; actual exposure depends on configuration.\\\", \\\"Patching beyond wpa_supplicant 2.7 is assumed to address the issue, but exact fixed version is not specified.\\\"],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability details and CVSS are clear, but missing CWE, fixed versions, and vendor advisories limit precision.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\\\",\\n \\\"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"81\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2019-16910\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2019-16910\\\",\\n \\\"title\\\": \\\"Mbed TLS/Crypto Insufficient Entropy in Deterministic ECDSA Blinding\\\",\\n \\\"short_description\\\": \\\"Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, allowing an attacker to recover a private key via side-channel attacks if a victim signs the same message many times.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables private key recovery through side-channel attacks when deterministic ECDSA is enabled and the same message is signed repeatedly. Private key compromise breaks the fundamental security guarantees of ECDSA, potentially enabling impersonation, session hijacking, or decryption of protected communications. The attack requires specific conditions but targets cryptographic core functionality present in TLS implementations and embedded systems.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-331: Insufficient Entropy\\\"],\\n \\\"weakness_summary\\\": \\\"Insufficient entropy in RNG used for ECDSA blinding when deterministic mode is enabled, creating side-channel leakage that can reveal private keys through repeated signing operations.\\\",\\n \\\"attack_surface\\\": \\\"Cryptographic library implementations using deterministic ECDSA; primarily affects TLS handshakes, code signing operations, and authentication mechanisms.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires deterministic ECDSA mode, repeated signing of identical messages, and side-channel observation capabilities. High technical complexity but potentially devastating impact if successful.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score indicates low exploitation likelihood (0.00910)\\\", \\\"CVSS attack complexity is High\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network access may be required to observe side channels or trigger signing operations\\\",\\n \\\"authentication_required\\\": \\\"Not required for observing side channels\\\",\\n \\\"user_interaction_required\\\": \\\"Required (victim must sign messages)\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High - requires side-channel measurement capabilities and repeated signing of identical messages\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity cryptographic vulnerability requiring specific configuration (deterministic ECDSA) and side-channel access. While private key recovery is critical, the attack complexity and prerequisites limit immediate risk. Priority should focus on identifying affected systems and planning updates.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 90 days; verify deterministic ECDSA usage and consider immediate mitigation if enabled\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: High (private key recovery); Integrity: None; Availability: None\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation recovers ECDSA private keys through side-channel analysis of deterministic signatures. This enables complete impersonation of the key holder, decryption of protected communications, and bypass of authentication mechanisms.\\\",\\n \\\"blast_radius\\\": \\\"Limited to systems using deterministic ECDSA with vulnerable library versions. Higher risk for embedded devices, IoT systems, and services performing frequent signing operations.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to high technical complexity but severe impact if exploited. Risk increases with: exposure of signing services to untrusted networks, use of deterministic ECDSA in production, embedded devices lacking update mechanisms, and compliance requirements for key protection.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Arm Mbed Crypto\\\", \\\"Fedora 29\\\", \\\"Fedora 30\\\", \\\"Fedora 31\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS before 2.19.0; Mbed Crypto before 2.0.0; Mbed TLS fixes also available in 2.7.12 and 2.16.3\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.19.0+ (or 2.7.12+, 2.16.3+); Mbed Crypto 2.0.0+\\\",\\n \\\"configuration_dependencies\\\": \\\"Vulnerability only manifests when deterministic ECDSA is enabled\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing services using ECDSA signatures (TLS handshakes, API authentication). Side-channel attacks may be feasible over network connections.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"TLS Server Private Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Recover TLS server private key to impersonate legitimate server or decrypt intercepted TLS sessions\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target server using vulnerable Mbed TLS with deterministic ECDSA enabled\\\", \\\"Trigger repeated TLS handshakes or certificate signing operations\\\", \\\"Measure timing or power side channels during ECDSA operations\\\", \\\"Analyze side-channel data to recover private key through lattice attacks\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing HTTPS servers, IoT devices, embedded systems using Mbed TLS with deterministic ECDSA\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Code Signing Infrastructure Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Recover code signing private key to sign malicious software with legitimate credentials\\\",\\n \\\"steps_high_level\\\": [\\\"Identify build systems or signing services using vulnerable Mbed Crypto library\\\", \\\"Observe signing operations through shared infrastructure or network side channels\\\", \\\"Trigger repeated signing of identical software artifacts\\\", \\\"Extract private key through statistical analysis of deterministic signatures\\\"],\\n \\\"likely_targets\\\": \\\"CI/CD pipelines, code signing services, firmware update mechanisms\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Update Mbed TLS to version 2.19.0 or later (or 2.7.12+, 2.16.3+) and Mbed Crypto to 2.0.0 or later to address the entropy insufficiency.\\\",\\n \\\"Disable deterministic ECDSA mode if not required for compliance or interoperability, forcing use of randomized ECDSA with proper entropy.\\\",\\n \\\"Isolate signing operations to dedicated hardware or secure environments with limited side-channel observability from untrusted parties.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable deterministic ECDSA mode; use hardware security modules (HSMs) for signing operations; implement rate limiting on signing operations; ensure proper entropy sources are available\\\",\\n \\\"patching_notes\\\": \\\"Multiple fixed versions available: Mbed TLS 2.19.0 (complete fix), 2.7.12, or 2.16.3. Mbed Crypto requires 2.0.0+. Test compatibility with existing applications before deployment.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify library versions using mbedtls_version_string() or package manager queries\\\",\\n \\\"Check configuration for MBEDTLS_ECDSA_DETERMINISTIC define or deterministic ECDSA usage\\\",\\n \\\"Review application logs for repeated signing of identical messages\\\",\\n \\\"Test updated libraries in development environment before production deployment\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous library versions and configurations. Document deterministic ECDSA dependencies before disabling. Plan rollback procedures if compatibility issues arise.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for repeated identical ECDSA signatures from the same key (indicating deterministic mode usage)\\\",\\n \\\"Alert on unusual network patterns targeting signing services or TLS handshake endpoints\\\",\\n \\\"Hunt for side-channel measurement tools or timing analysis attempts against cryptographic operations\\\",\\n \\\"Review entropy source health and RNG initialization in cryptographic libraries\\\",\\n \\\"Search logs for deterministic ECDSA configuration flags or library version strings indicating vulnerable versions\\\",\\n \\\"Monitor for certificate or key replacement activities following potential key compromise\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00910\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High relevance - Mbed TLS is widely used in embedded systems, IoT devices, and as a dependency in larger software stacks. Key compromise could affect entire device fleets or downstream applications.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory\\\", \\\"Proof-of-concept availability\\\", \\\"CISA KEV status\\\", \\\"Specific exploit techniques\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy between sources (0.9100 vs 0.00910) - using 0.00910 as more recent/likely correct\\\"],\\n \\\"assumptions_made\\\": [\\\"Deterministic ECDSA is not commonly enabled by default\\\", \\\"Side-channel attacks require physical or network proximity\\\", \\\"Affected systems can be updated without breaking functionality\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but exploitation feasibility and current threat landscape information is limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"87\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-36422\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 5.3,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-36422\\\",\\n \\\"title\\\": \\\"Arm Mbed TLS ECC Private Key Side-Channel Information Leak\\\",\\n \\\"short_description\\\": \\\"Arm Mbed TLS before 2.23.0 contains a side-channel vulnerability in ECC operations that allows recovery of an ECC private key.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers to extract long-term ECC private keys through side-channel observation, compromising the confidentiality of cryptographic material and undermining the security of TLS connections and digital signatures.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"5.3\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-203: Observable Discrepancy\\\"],\\n \\\"weakness_summary\\\": \\\"Side-channel attack against ECC operations allowing key recovery through timing or power analysis\\\",\\n \\\"attack_surface\\\": \\\"ECC cryptographic operations in mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable functions\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Requires side-channel measurement capability but no authentication or user interaction\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score suggests low exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity side-channel requiring physical or local access for measurement; no active exploitation evidence; affects cryptographic operations but requires specialized attack vectors\\\",\\n \\\"recommended_sla\\\": \\\"90 days\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality impact through cryptographic key disclosure\\\",\\n \\\"technical_impact_details\\\": \\\"ECC private keys can be recovered through side-channel analysis, potentially compromising TLS sessions, digital signatures, and encrypted data\\\",\\n \\\"blast_radius\\\": \\\"Systems using vulnerable Mbed TLS versions for ECC operations, particularly those exposed to local attackers or shared hardware\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Medium risk: requires side-channel access (shared hardware, cloud co-residency, or local access); no integrity or availability impact; key disclosure has long-term security implications\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS before 2.23.0\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.23.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"ECC cryptographic operations must be performed; affects systems using ECC for TLS, signatures, or key exchange\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing systems using ECC; side-channel attacks may require co-residency or local access\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Cloud Co-Residency Key Extraction\\\",\\n \\\"attacker_goal\\\": \\\"Extract ECC private keys from co-resident virtual machines\\\",\\n \\\"steps_high_level\\\": [\\\"Deploy attacker VM on same physical host as target\\\", \\\"Monitor shared hardware resources (cache, power) during ECC operations\\\", \\\"Apply side-channel analysis to recover private key bits\\\"],\\n \\\"likely_targets\\\": \\\"Cloud-hosted services using Mbed TLS with ECC cryptography\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Local Side-Channel Key Recovery\\\",\\n \\\"attacker_goal\\\": \\\"Recover cryptographic keys from local processes\\\",\\n \\\"steps_high_level\\\": [\\\"Gain local access to target system\\\", \\\"Monitor timing or power consumption during ECC operations\\\", \\\"Reconstruct private key through statistical analysis\\\"],\\n \\\"likely_targets\\\": \\\"Systems with shared user access running vulnerable Mbed TLS applications\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 2.23.0 or later to implement side-channel resistant ECC operations.\\\",\\n \\\"Implement hardware isolation controls to prevent co-residency attacks in cloud environments.\\\",\\n \\\"Apply compiler-level mitigations and constant-time coding practices for cryptographic operations.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable ECC cipher suites if not required; use RSA or other non-ECC algorithms where side-channel resistance cannot be guaranteed\\\",\\n \\\"patching_notes\\\": \\\"Version 2.23.0 contains side-channel fixes; verify all dependent applications are updated; test cryptographic functionality post-update\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version is 2.23.0 or later using mbedtls_version_check() or package manager.\\\",\\n \\\"Test ECC operations (key generation, signing, verification) to ensure functionality is preserved.\\\",\\n \\\"Review system logs for any cryptographic operation failures or warnings.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS version; test rollback procedures; ensure cryptographic material remains accessible\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual process behavior indicating side-channel measurement tools (performance monitoring tools, cache analysis utilities).\\\",\\n \\\"Alert on failed cryptographic operations or unexpected TLS handshake failures that may indicate key compromise.\\\",\\n \\\"Hunt for unauthorized local access or privilege escalation that could enable side-channel observation.\\\",\\n \\\"Monitor cloud infrastructure for suspicious co-residency patterns or VM placement anomalies.\\\",\\n \\\"Search logs for ECC cryptographic operations with abnormal timing characteristics or error patterns.\\\",\\n \\\"Implement runtime monitoring of cryptographic function execution times to detect potential side-channel exploitation attempts.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00174\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects cryptographic library used in embedded systems and IoT devices\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges\\\", \\\"Vendor patch availability timeline\\\", \\\"Specific CWE identifier\\\", \\\"Exploitation evidence\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy: 0.1700 vs 0.00174 - using 0.00174 as more recent\\\", \\\"Limited information on specific vulnerable functions and exploitation techniques\\\"],\\n \\\"assumptions_made\\\": [\\\"Side-channel requires physical or local access\\\", \\\"ECC operations are in use\\\", \\\"No active exploitation based on absence of evidence\\\"],\\n \\\"confidence\\\": \\\"Medium - core vulnerability details confirmed but exploitation specifics limited\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://bugs.gentoo.org/730752\\\",\\n \\\"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\"\n        },\n        {\n            \"id\": \"111\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-28755\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-28755\\\",\\n \\\"title\\\": \\\"Mbed TLS SSL Context Reset TLS Version Downgrade Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS 3.5.x before 3.6.0 fails to restore the configured maximum TLS version after mbedtls_ssl_session_reset(), allowing an attacker to force TLS 1.3 connections to downgrade to TLS 1.2 or cause DoS.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables forced protocol downgrade from TLS 1.3 to TLS 1.2 on Mbed TLS servers, weakening cryptographic security and potentially causing denial of service. TLS 1.3 provides significant security improvements over TLS 1.2, including stronger cipher suites, reduced handshake latency, and enhanced privacy through encrypted handshake extensions. Organizations relying on Mbed TLS for secure communications may face compliance risks, service disruption, and reduced security posture if attackers successfully trigger version downgrades. The vulnerability affects the SSL/TLS negotiation phase, a critical trust boundary for encrypted communications.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"Not available / Not specified in input data\\\"],\\n \\\"weakness_summary\\\": \\\"State management error in SSL context reset where maximum TLS version configuration is not properly restored, leading to unintended protocol downgrade behavior.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible Mbed TLS servers using SSL session reset functionality; specifically impacts TLS version negotiation mechanism.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Attackers can trigger SSL session resets to force TLS 1.3-capable servers to negotiate only TLS 1.2, potentially causing DoS or security downgrade. No authentication or user interaction required.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.1 score 6.5 with network attack vector and low attack complexity\\\", \\\"EPSS score 0.00127 (0.33 percentile) indicates low current exploitation likelihood\\\", \\\"No explicit evidence of in-the-wild exploitation or public PoC in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity with potential for DoS and cryptographic downgrade, but low current exploitation likelihood (EPSS 0.00127). Network-accessible Mbed TLS 3.5.x servers should be prioritized for patching within standard maintenance windows. No immediate active exploitation detected.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 30-60 days for externally exposed systems; 60-90 days for internal-only systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Confidentiality: None (no data disclosure); Integrity: Low (protocol downgrade); Availability: Low (potential DoS)\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation forces TLS 1.3-capable servers to negotiate TLS 1.2 instead, weakening cryptographic protections and potentially preventing TLS 1.3 connections entirely. This reduces security guarantees provided by TLS 1.3 such as modern cipher suites, 0-RTT resumption protection, and encrypted handshake extensions.\\\",\\n \\\"blast_radius\\\": \\\"All Mbed TLS 3.5.x servers using SSL session reset functionality; particularly critical for externally-facing systems requiring strong TLS 1.3 security guarantees.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to potential compliance violations (requiring TLS 1.3), service disruption for TLS 1.3-dependent clients, and weakened cryptographic posture. Risk is elevated for organizations with regulatory requirements mandating strong encryption standards or those specifically advertising TLS 1.3 support.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"3.5.x versions before 3.6.0\\\",\\n \\\"fixed_versions\\\": \\\"3.6.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires Mbed TLS server configuration supporting TLS 1.3 and usage of mbedtls_ssl_session_reset() API\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing Mbed TLS servers; moderate for internal systems depending on security requirements\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"TLS Version Downgrade Attack\\\",\\n \\\"attacker_goal\\\": \\\"Force TLS 1.3-capable Mbed TLS servers to negotiate weaker TLS 1.2 connections\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies Mbed TLS 3.5.x server supporting TLS 1.3\\\", \\\"Attacker triggers mbedtls_ssl_session_reset() through crafted connection attempts\\\", \\\"Server fails to restore maximum TLS version configuration and falls back to TLS 1.2\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing HTTPS servers, API endpoints, IoT devices using Mbed TLS for secure communications\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Denial of Service Against TLS 1.3 Clients\\\",\\n \\\"attacker_goal\\\": \\\"Prevent TLS 1.3-only clients from establishing connections to affected servers\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker repeatedly triggers SSL session resets on target server\\\", \\\"Server maximum TLS version is reset below TLS 1.3 capability\\\", \\\"TLS 1.3-only clients cannot negotiate connection and fail\\\"],\\n \\\"likely_targets\\\": \\\"Modern web services, mobile applications, and API clients requiring TLS 1.3 security features\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 3.6.0 or later to resolve the SSL context reset vulnerability.\\\", \\\"Review and audit all systems using Mbed TLS 3.5.x to identify affected deployments and exposure levels.\\\", \\\"Implement network monitoring to detect anomalous TLS version negotiation patterns and potential downgrade attempts.\\\"],\\n \\\"workarounds\\\": \\\"Avoid using mbedtls_ssl_session_reset() API in affected versions if possible; implement application-level session management instead.\\\",\\n \\\"patching_notes\\\": \\\"Version 3.6.0 includes the fix; ensure compatibility testing before deployment. Consider implementing TLS version enforcement policies post-upgrade.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version is 3.6.0 or later using version query APIs or package management tools.\\\", \\\"Test TLS 1.3 connection establishment after patch to confirm maximum version restoration works correctly.\\\", \\\"Monitor SSL session reset operations in production to ensure proper TLS version persistence.\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS version and configuration; ensure application compatibility with rollback version before proceeding.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor TLS handshake logs for unexpected protocol downgrades from TLS 1.3 to TLS 1.2 on Mbed TLS servers\\\",\\n \\\"Alert on repeated SSL session reset operations within short time windows, potentially indicating exploitation attempts\\\",\\n \\\"Implement IDS/IPS rules to detect crafted connection patterns targeting mbedtls_ssl_session_reset() functionality\\\",\\n \\\"Correlate network traffic with Mbed TLS version inventory to identify unpatched systems\\\",\\n \\\"Monitor for clients failing to establish TLS 1.3 connections to servers known to support TLS 1.3\\\",\\n \\\"Hunt for anomalous connection termination patterns following SSL session reset operations\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00127 (percentile: 0.32806, date: 2025-11-23)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Mbed TLS is widely used in embedded systems, IoT devices, and as a cryptographic library dependency; vulnerability could affect multiple downstream products\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"CWE identifier\\\", \\\"Detailed vendor advisory link\\\", \\\"Specific affected version ranges beyond '3.5.x'\\\", \\\"Complete CPE version enumeration\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"Input provides CPE 2.3 format but lacks specific version strings; description states '3.5.x before 3.6.0'\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed '3.5.x before 3.6.0' means all 3.5.x versions are affected\\\", \\\"Inferred attack scenarios based on vulnerability description and TLS protocol behavior\\\", \\\"Interpreted 'forced version downgrade' as attacker-controlled rather than accidental configuration\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but missing CWE and specific version enumeration limits precise impact assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0\\\",\\n \\\"https://github.com/hey3e\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"Not available / Not specified in input data\\\"\\n}\"\n        },\n        {\n            \"id\": \"8\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2020-16146\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 7.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2020-16146\\\",\\n \\\"title\\\": \\\"Espressif ESP-IDF BluFi Provisioning Buffer Overflow\\\",\\n \\\"short_description\\\": \\\"A buffer overflow exists in Espressif ESP-IDF's BluFi provisioning component within the btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01, causing a buffer overflow via manipulated packet fields.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated network-based attackers to cause denial of service (availability impact) on affected ESP-IDF devices using the BluFi provisioning mechanism. The flaw resides in a core IoT device framework widely used in embedded systems, potentially affecting a broad range of IoT products. While the CVSS indicates availability impact only, buffer overflows in low-level device firmware can potentially lead to device instability, crashes, or unexpected behavior affecting device functionality.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"7.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-120\\\"],\\n \\\"weakness_summary\\\": \\\"Classic buffer overflow in network protocol handler (BluFi provisioning) when processing crafted Write Attribute commands to BLE characteristic 0xFF01 with manipulated packet fields.\\\",\\n \\\"attack_surface\\\": \\\"Bluetooth Low Energy (BLE) interface via BluFi provisioning protocol; specifically the Write Attribute command handler for characteristic 0xFF01.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"The vulnerability requires network access to the device's BLE interface and knowledge of the BluFi protocol. Attack complexity is low with no authentication or user interaction required, making it moderately exploitable by attackers with proximity or network access to vulnerable devices.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"EPSS score suggests moderate exploitation likelihood\\\", \\\"Public disclosure with technical details available\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent network (Bluetooth Low Energy proximity)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (7.5) with network-accessible attack vector and no authentication required, but limited to availability impact and requires BLE proximity/access. No evidence of active exploitation. EPSS scores show moderate exploitation probability. Priority is to inventory affected IoT devices and schedule patching within standard maintenance windows.\\\",\\n \\\"recommended_sla\\\": \\\"30-60 days for inventory and patching; immediate assessment if devices are internet-exposed or in critical infrastructure\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (device crash/instability); Confidentiality: None; Integrity: None per CVSS assessment\\\",\\n \\\"technical_impact_details\\\": \\\"Buffer overflow in btc_blufi_recv_handler function when processing crafted BluFi Write Attribute commands to characteristic 0xFF01. Successful exploitation can cause device crashes, denial of service, or unpredictable behavior in the BluFi provisioning component.\\\",\\n \\\"blast_radius\\\": \\\"Medium to High - affects all ESP-IDF versions 2.x through 4.0.1 across multiple product lines using BluFi provisioning. Impact limited to devices with BLE interface enabled and BluFi provisioning active.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to: (1) No authentication required for exploitation, (2) Availability impact on IoT devices potentially affecting operational continuity, (3) Broad version range affected (2.x-4.0.1), (4) IoT devices often deployed in hard-to-patch scenarios. Risk mitigated by requirement for BLE proximity and lack of confidentiality/integrity impact.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\"],\\n \\\"affected_versions\\\": \\\"2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, 4.0.x through 4.0.1\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires devices with Bluetooth Low Energy (BLE) interface enabled and BluFi provisioning functionality active\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices with BLE exposed to network-accessible or public environments are at higher risk. Physical proximity (typically ~10m for BLE) is required for exploitation.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"BluFi Provisioning DoS Attack\\\",\\n \\\"attacker_goal\\\": \\\"Cause device crash or denial of service\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target device with BLE and BluFi provisioning enabled\\\", \\\"Craft malicious BluFi Write Attribute command with manipulated packet fields targeting characteristic 0xFF01\\\", \\\"Send crafted packet via BLE connection to trigger buffer overflow in btc_blufi_recv_handler\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices in public spaces, industrial IoT sensors, smart home devices using ESP-IDF with BluFi provisioning\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"BluFi Protocol Fuzzing Exploitation\\\",\\n \\\"attacker_goal\\\": \\\"Test device stability and potentially discover additional vulnerabilities\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker sets up BLE communication with target ESP-IDF device\\\", \\\"Develop fuzzing tool to generate malformed BluFi Write Attribute commands\\\", \\\"Send various manipulated packet field combinations to characteristic 0xFF01 to trigger buffer overflow\\\"],\\n \\\"likely_targets\\\": \\\"Development devices, test environments, or production devices with insufficient input validation\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Network Segmentation\\\",\\n \\\"mitigation_action\\\": [\\\"Update ESP-IDF to patched versions beyond 4.0.1 or apply vendor-provided security updates for affected versions\\\", \\\"Implement network segmentation to isolate BLE-enabled IoT devices from untrusted networks and limit BLE exposure\\\", \\\"Disable BluFi provisioning on devices where this functionality is not required for operational needs\\\"],\\n \\\"workarounds\\\": \\\"Disable BluFi provisioning if not needed; implement BLE access controls; use physical security to limit proximity access to devices\\\",\\n \\\"patching_notes\\\": \\\"Check Espressif GitHub repository and vendor advisories for patched versions. Verify compatibility with existing device firmware before deployment.\\\",\\n \\\"verification_steps\\\": [\\\"Inventory all ESP-IDF based devices and identify versions 2.x through 4.0.1\\\", \\\"Verify BluFi provisioning status on affected devices\\\", \\\"Test patched firmware in controlled environment before production deployment\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of current firmware before patching. Ensure rollback procedures are tested and documented for critical devices.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor BLE traffic logs for unusual Write Attribute commands to characteristic 0xFF01\\\",\\n \\\"Implement IDS/IPS rules to detect malformed BluFi protocol packets\\\",\\n \\\"Monitor device logs for crashes or restarts in btc_blufi_recv_handler or BluFi provisioning components\\\",\\n \\\"Use EDR/sensor data to detect buffer overflow patterns in ESP-IDF processes\\\",\\n \\\"Hunt for unexpected BLE connections to IoT devices from unknown MAC addresses\\\",\\n \\\"Monitor for devices becoming unresponsive or exhibiting denial of service symptoms after BLE interactions\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/CVE-2020-16146.md\\\",\\n \\\"epss\\\": \\\"0.00354\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - ESP-IDF is widely used in IoT device development; vulnerability affects core framework used by multiple device manufacturers\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed versions\\\", \\\"Vendor patch availability\\\", \\\"Detailed technical analysis of buffer overflow mechanics\\\", \\\"CISA KEV status\\\", \\\"Evidence of active exploitation\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores show discrepancy: 0.3500 vs 0.00354 - using 0.00354 as it's from official EPSS source with recent date\\\", \\\"Limited detail on specific packet manipulation techniques\\\"],\\n \\\"assumptions_made\\\": [\\\"Buffer overflow is traditional stack/heap overflow based on CWE-120 classification\\\", \\\"BLE proximity required (standard BLE range limitations apply)\\\", \\\"No confidentiality/integrity impact based on CVSS assessment\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but missing patch information and limited technical depth reduce confidence in complete assessment\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/espressif/esp-idf\\\",\\n \\\"https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/CVE-2020-16146.md\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"9\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-28135\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-28135\\\",\\n \\\"title\\\": \\\"Espressif ESP-IDF Bluetooth Classic LMP Response Flood Denial of Service Vulnerability\\\",\\n \\\"short_description\\\": \\\"The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier fails to properly handle continuous unsolicited LMP (Link Manager Protocol) responses. An attacker within radio range can flood a target ESP32 device with LMP Feature Response data, causing a denial of service (crash).\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an attacker to remotely crash ESP32 devices using a low-complexity Bluetooth packet flood, requiring no authentication or user interaction. It impacts the availability of IoT devices relying on ESP-IDF's Bluetooth stack, potentially disrupting operations in environments with untrusted radio proximity.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-400\\\"],\\n \\\"weakness_summary\\\": \\\"Uncontrolled resource consumption in Bluetooth Classic LMP handling leading to DoS.\\\",\\n \\\"attack_surface\\\": \\\"Bluetooth Classic (LMP layer) within radio range; no pairing or authentication required.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Attack requires proximity (adjacent network vector) and ability to transmit crafted LMP Feature Response packets. No authentication or user interaction needed; low attack complexity.\\\",\\n \\\"evidence_signals\\\": [\\\"Public research paper (BrakTooth) documents Bluetooth implementation flaws\\\", \\\"No evidence of active exploitation in input data\\\", \\\"EPSS score suggests moderate exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Bluetooth radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS with no confidentiality/integrity impact; requires physical proximity and affects availability only. Prioritize patching during standard maintenance windows for devices in untrusted environments.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general devices; 30 days for critical IoT infrastructure in public/uncontrolled environments.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (device crash); Confidentiality: None; Integrity: None\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation causes device crash via resource exhaustion in LMP handling. Impact limited to DoS; no code execution or data exfiltration indicated.\\\",\\n \\\"blast_radius\\\": \\\"All ESP32 devices running ESP-IDF 4.4 or earlier with Bluetooth Classic enabled within attacker's radio range (typically ~10-100m).\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate risk: DoS can disrupt IoT operations, but requires proximity and has no data breach potential. Higher risk for safety-critical or public-facing IoT deployments.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\"],\\n \\\"affected_versions\\\": \\\"4.4 and earlier\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Bluetooth Classic must be enabled on ESP32 device\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Indirect: Devices accessible via Bluetooth in public/untrusted environments are at higher risk than air-gapped deployments.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Bluetooth DoS Attack in Public Space\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt IoT device availability (e.g., smart sensor, display, or control node)\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target ESP32 device via Bluetooth scanning\\\", \\\"Attacker crafts and transmits continuous unsolicited LMP Feature Response packets\\\", \\\"Target device crashes due to improper LMP handling, causing service disruption\\\"],\\n \\\"likely_targets\\\": \\\"ESP32-based IoT devices in public areas: smart home hubs, environmental sensors, industrial controllers, retail displays\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Targeted Physical Access DoS\\\",\\n \\\"attacker_goal\\\": \\\"Temporarily disable specific IoT infrastructure\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains physical proximity to target device (e.g., building access)\\\", \\\"Attacker uses software-defined radio or Bluetooth stack to generate LMP flood\\\", \\\"Repeated attacks maintain DoS state, preventing device recovery\\\"],\\n \\\"likely_targets\\\": \\\"Critical IoT infrastructure in semi-controlled environments: building automation, medical devices, manufacturing sensors\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Compensating Controls\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Update ESP-IDF to version 4.4.1 or later (if available) to address LMP handling flaw.\\\",\\n \\\"Implement physical security controls to limit unauthorized Bluetooth proximity access to critical devices.\\\",\\n \\\"Deploy monitoring for Bluetooth connection anomalies and device crashes to detect potential exploitation attempts.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable Bluetooth Classic on devices where it is not required; use whitelisting for Bluetooth pairings if supported.\\\",\\n \\\"patching_notes\\\": \\\"Verify patch availability via Espressif's GitHub repository and apply to all affected ESP32 devices. Test in non-production environment first.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Confirm ESP-IDF version on deployed devices using device logs or management interface.\\\",\\n \\\"Validate Bluetooth functionality post-patch to ensure no regression.\\\",\\n \\\"Monitor device stability and crash logs for recurrence of DoS symptoms.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous firmware image; ensure rollback procedures do not reintroduce vulnerability.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor device logs for unexpected crashes or watchdog resets coinciding with Bluetooth activity.\\\",\\n \\\"Deploy Bluetooth sniffers to detect anomalous LMP traffic patterns (e.g., excessive Feature Response packets).\\\",\\n \\\"Correlate device availability metrics with physical access logs or security camera footage to identify potential attackers.\\\",\\n \\\"Hunt for devices with persistent Bluetooth connection failures or repeated pairing attempts from unknown sources.\\\",\\n \\\"Use EDR/security tools to flag processes attempting raw Bluetooth packet injection on nearby systems.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"https://dl.packetstormsecurity.net/papers/general/braktooth.pdf\\\",\\n \\\"epss\\\": \\\"0.00234\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects Espressif ESP-IDF framework used in many IoT products; downstream impact on device manufacturers.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed version information\\\", \\\"Vendor advisory link\\\", \\\"CISA KEV status\\\", \\\"Detailed technical analysis of LMP handling flaw\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy: 0.2300 (cves_euvd) vs 0.00234 (cves_epss); using cves_epss as more recent (2025-11-23)\\\", \\\"Affected products list lacks version granularity (only '4.4 and earlier' specified)\\\"],\\n \\\"assumptions_made\\\": [\\\"ESP-IDF 4.4.1+ likely contains fix, but not explicitly stated in input\\\", \\\"Bluetooth Classic must be enabled for exploitability\\\", \\\"Radio range assumed typical Bluetooth distances (~10-100m)\\\"],\\n \\\"confidence\\\": \\\"Medium: Core vulnerability details are clear, but missing vendor patch information and exploit maturity data limit precision.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://dl.packetstormsecurity.net/papers/general/braktooth.pdf\\\",\\n \\\"https://github.com/espressif/esp-idf\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"10\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-28136\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.5,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-28136\\\",\\n \\\"title\\\": \\\"Espressif ESP-IDF Bluetooth Classic LMP Packet Replay Memory Corruption\\\",\\n \\\"short_description\\\": \\\"The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier mishandles multiple LMP IO Capability Request packets during pairing, allowing attackers within radio range to trigger memory corruption and crash the ESP32 via a replayed LMP packet.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability enables attackers within Bluetooth radio range to cause denial-of-service (device crash) through memory corruption without authentication. While it doesn't permit code execution or data theft, it affects IoT devices relying on ESP32 chips, potentially disrupting operations in environments with exposed Bluetooth interfaces. The attack requires proximity but no user interaction, making it relevant for publicly accessible or unattended IoT deployments.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.5\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-119\\\", \\\"CWE-20\\\"],\\n \\\"weakness_summary\\\": \\\"Improper handling of duplicated Link Manager Protocol (LMP) packets during Bluetooth pairing leads to memory corruption. The vulnerability stems from insufficient input validation when processing multiple LMP IO Capability Request packets.\\\",\\n \\\"attack_surface\\\": \\\"Bluetooth Classic (BR/EDR) radio interface during device pairing process. Attackers must be within typical Bluetooth range (~10-100m depending on environment).\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Attackers within radio range can replay LMP packets to trigger memory corruption and device crash. No authentication or user interaction required, but attack window limited to pairing process.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation in input data\\\", \\\"Academic research paper (BrakTooth) documents vulnerability class\\\", \\\"EPSS score suggests moderate exploitation likelihood\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Bluetooth radio proximity)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low - packet replay attack\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability requiring physical proximity. No evidence of active exploitation. Affects IoT devices with exposed Bluetooth during pairing. Prioritize patching for devices in publicly accessible locations or critical infrastructure.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for general devices; 30 days for critical/exposed deployments\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability: High (device crash), Confidentiality: None, Integrity: None\\\",\\n \\\"technical_impact_details\\\": \\\"Memory corruption leads to system crash/reboot. No evidence of remote code execution or data exfiltration capability. Impact limited to denial-of-service.\\\",\\n \\\"blast_radius\\\": \\\"Individual ESP32 devices within Bluetooth range (~10-100m). Mass exploitation would require attackers to be physically proximate to each target device.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"Moderate business risk due to DoS potential for IoT devices in operational environments. Risk increases for unattended devices, industrial IoT, or devices in publicly accessible locations. No data breach risk, but service disruption possible.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\", \\\"Espressif ESP32\\\"],\\n \\\"affected_versions\\\": \\\"ESP-IDF 4.4 and earlier versions\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Bluetooth Classic must be enabled and device must be in pairing mode or discoverable state\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices with physically accessible Bluetooth interfaces in public or semi-public spaces are at higher risk. Network segmentation provides no protection as attack occurs over radio interface.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Bluetooth DoS Attack on Public IoT Device\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt IoT device operation through Bluetooth packet replay\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker identifies target ESP32 device with Bluetooth enabled\\\", \\\"Attacker captures or replays LMP IO Capability Request packets during pairing\\\", \\\"Target device experiences memory corruption and crashes/reboots\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices in public spaces: smart displays, sensors, access control systems, or industrial monitoring devices with exposed Bluetooth\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Coordinated Physical DoS on Critical Infrastructure\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt multiple IoT sensors in critical infrastructure through proximity-based attacks\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains physical access to facility with multiple ESP32-based sensors\\\", \\\"Attacker uses specialized Bluetooth equipment to replay LMP packets\\\", \\\"Multiple devices crash simultaneously, disrupting monitoring or control systems\\\"],\\n \\\"likely_targets\\\": \\\"Industrial IoT deployments, building automation systems, or environmental monitoring networks using ESP32 chips\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\\"Update ESP-IDF to version 4.4.1 or later (if available) to address the LMP packet handling vulnerability\\\", \\\"Disable Bluetooth Classic on devices where it is not required for operational functionality\\\", \\\"Implement physical security controls to limit unauthorized Bluetooth access to critical IoT devices\\\"],\\n \\\"workarounds\\\": \\\"Disable Bluetooth when not needed; implement device restart/watchdog mechanisms to recover from crashes; place devices in physically secure locations to limit radio access\\\",\\n \\\"patching_notes\\\": \\\"Verify patch availability through Espressif's official GitHub repository. Test patches in non-production environment before deployment. Consider backward compatibility with existing Bluetooth device pairings.\\\",\\n \\\"verification_steps\\\": [\\\"Check ESP-IDF version on deployed devices to confirm patch level\\\", \\\"Monitor device logs for Bluetooth-related crashes or memory corruption errors\\\", \\\"Perform Bluetooth security assessment to verify mitigation effectiveness\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous firmware version. Document Bluetooth-dependent functionality that may be affected by disabling or patching.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor ESP32 device logs for unexpected reboots, crashes, or watchdog resets following Bluetooth pairing events\\\",\\n \\\"Deploy Bluetooth monitoring tools to detect unusual LMP packet patterns or repeated pairing attempts from unknown devices\\\",\\n \\\"Implement device health monitoring to detect DoS patterns across multiple ESP32 devices in same physical area\\\",\\n \\\"Search for Bluetooth stack memory corruption errors in system logs (specific error codes not provided in input data)\\\",\\n \\\"Monitor for devices entering pairing mode unexpectedly or outside normal operational windows\\\",\\n \\\"Correlate device crashes with physical access logs or security camera footage to identify potential attackers\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"https://dl.packetstormsecurity.net/papers/general/braktooth.pdf\\\",\\n \\\"epss\\\": \\\"0.00286\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects Espressif ESP32 chips used in numerous IoT products. Supply chain impact depends on device manufacturers' patch adoption rates.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed version information\\\", \\\"Vendor patch availability details\\\", \\\"Specific error codes or crash signatures\\\", \\\"Detailed exploit code availability\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS scores vary between sources (0.2900 vs 0.00286) - using most recent EPSS value\\\", \\\"Affected version range may extend beyond 4.4 based on CPE patterns\\\"],\\n \\\"assumptions_made\\\": [\\\"ESP-IDF 4.4.1 or later likely contains fix, but not explicitly stated in input\\\", \\\"Memory corruption leads to crash based on description, but no specific crash details provided\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details clear, but missing patch specifics and exploit maturity information\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://dl.packetstormsecurity.net/papers/general/braktooth.pdf\\\",\\n \\\"https://github.com/espressif/esp-idf\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"16\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-53406\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-53406\\\",\\n \\\"title\\\": \\\"Espressif ESP-IDF v5.3.0 BLE Session Key Reuse Authentication Bypass\\\",\\n \\\"short_description\\\": \\\"Espressif ESP-IDF v5.3.0 contains an insecure permissions vulnerability in the BLE reconnection phase where the device reuses a session key from a previous connection, allowing an attacker to bypass authentication.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows an attacker to bypass authentication by exploiting the reuse of a session key during the BLE reconnection phase. With a HIGH severity CVSS score of 8.8 and network-based attack vector requiring no privileges, it poses a significant risk to devices using the affected ESP-IDF version, potentially leading to unauthorized access, data exfiltration, and device control.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"8.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-287\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Authentication - The vulnerability stems from reusing session keys during BLE reconnection, violating authentication protocols and allowing attackers to bypass security controls.\\\",\\n \\\"attack_surface\\\": \\\"Bluetooth Low Energy (BLE) connection establishment and reconnection mechanisms in IoT devices running ESP-IDF v5.3.0.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Public PoC\\\",\\n \\\"exploit_summary\\\": \\\"A public proof-of-concept exists demonstrating the authentication bypass through BLE session key reuse during reconnection.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"Public PoC documentation available at GitHub repository\\\",\\n \\\"CVSS 3.1 score of 8.8 with network attack vector and low attack complexity\\\",\\n \\\"No authentication or privileges required for exploitation\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes - BLE proximity required\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"Yes - User interaction required per CVSS vector\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High severity authentication bypass with public PoC available requires immediate verification of affected devices and implementation of mitigations. While not yet showing active exploitation signals, the low attack complexity and authentication bypass nature warrant urgent attention.\\\",\\n \\\"recommended_sla\\\": \\\"72 hours for initial assessment and mitigation planning\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High impact on confidentiality, integrity, and availability (C:H/I:H/A:H) through complete authentication bypass.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation allows complete bypass of authentication mechanisms, potentially granting unauthorized access to device functionality, sensitive data, and control capabilities.\\\",\\n \\\"blast_radius\\\": \\\"All IoT devices running ESP-IDF v5.3.0 with BLE functionality enabled are potentially affected. Impact scales with deployment size and criticality of device functions.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"Authentication bypass vulnerability with public PoC poses significant risk to device security and data integrity. While requiring BLE proximity limits remote exploitation, affected IoT devices in sensitive environments or critical infrastructure warrant immediate attention.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\"],\\n \\\"affected_versions\\\": \\\"v5.3.0\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Devices must have BLE functionality enabled and be running ESP-IDF v5.3.0.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices with BLE enabled and within wireless range are exposed. Internet exposure is indirect through BLE attack vectors.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"BLE Authentication Bypass Attack\\\",\\n \\\"attacker_goal\\\": \\\"Gain unauthorized access to IoT device functionality\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker establishes initial BLE connection with target device\\\",\\n \\\"Attacker disconnects and monitors for device reconnection attempt\\\",\\n \\\"Attacker exploits session key reuse to bypass authentication during reconnection phase\\\"\\n ],\\n \\\"likely_targets\\\": \\\"IoT devices using ESP-IDF v5.3.0 in accessible locations with BLE enabled\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Device Control Compromise\\\",\\n \\\"attacker_goal\\\": \\\"Take control of IoT device operations\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker captures BLE session key from legitimate connection\\\",\\n \\\"Attacker forces disconnection or waits for natural disconnection\\\",\\n \\\"Attacker reuses captured session key to establish unauthorized authenticated session\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Smart home devices, industrial sensors, and critical infrastructure IoT endpoints\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade ESP-IDF to latest version if available, specifically addressing versions beyond v5.3.0.\\\",\\n \\\"Implement network segmentation to isolate BLE-enabled devices from critical network segments.\\\",\\n \\\"Deploy monitoring solutions to detect anomalous BLE connection patterns and authentication bypass attempts.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable BLE functionality if not required for device operation, or implement additional authentication layers independent of the vulnerable session key mechanism.\\\",\\n \\\"patching_notes\\\": \\\"Verify patch availability from Espressif and test in non-production environment before deployment. Consider backward compatibility implications.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all devices running ESP-IDF v5.3.0 and identify those with BLE enabled.\\\",\\n \\\"Test authentication mechanisms after applying patches or workarounds.\\\",\\n \\\"Monitor BLE connection logs for signs of authentication bypass attempts.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of current firmware before patching. Ensure rollback procedures are tested and documented.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor BLE connection logs for repeated authentication attempts from same device with different session keys\\\",\\n \\\"Alert on BLE reconnection patterns that deviate from normal behavior\\\",\\n \\\"Detect BLE sessions established without proper authentication handshake completion\\\",\\n \\\"Hunt for devices establishing multiple concurrent BLE connections\\\",\\n \\\"Monitor for BLE session key reuse patterns in network traffic\\\",\\n \\\"Alert on BLE connections from unexpected or unauthorized devices\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/Esp/sk_reuse.md\\\",\\n \\\"epss\\\": \\\"0.00096\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Affects Espressif ESP-IDF framework used in various IoT devices across multiple vendors and industries.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Fixed versions information\\\",\\n \\\"Vendor patch availability details\\\",\\n \\\"Evidence of active exploitation\\\",\\n \\\"Detailed technical vulnerability analysis\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS score discrepancy between sources (0.1000 vs 0.00096)\\\",\\n \\\"User interaction requirement in CVSS vector may conflict with automated exploitation scenarios\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"BLE proximity is required for exploitation based on vulnerability nature\\\",\\n \\\"Session key reuse occurs during reconnection phase as described\\\",\\n \\\"Devices with BLE disabled are not affected\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear with public PoC, but missing vendor response and patch information limits complete assessment.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/espressif/esp-idf\\\",\\n \\\"https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/Esp/sk_reuse.md\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"25\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-3420\",\n            \"component_name\": \"newlib\",\n            \"component_version\": \"4.1.0\",\n            \"component_cpe\": \"cpe:2.3:a:newlib_project:newlib:4.1.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/newlib@4.1.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-3420\\\",\\n \\\"title\\\": \\\"newlib Heap-Based Buffer Overflow via Integer Overflow in Memory Allocation Functions\\\",\\n \\\"short_description\\\": \\\"Integer overflow in newlib's memory allocation functions (memalign, pvalloc, nano_memalign, nano_valloc, nano_pvalloc) leads to undersized buffer allocation and subsequent heap-based buffer overflow.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated remote attackers to trigger heap corruption without user interaction, potentially leading to arbitrary code execution or denial of service. The affected library (newlib) is widely used in embedded systems and IoT devices, amplifying supply chain risk. With a critical CVSS 9.8 score and network-accessible attack vector, this represents a severe memory corruption flaw requiring immediate attention in exposed environments.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-190\\\", \\\"CWE-122\\\"],\\n \\\"weakness_summary\\\": \\\"Integer overflow during size calculation in aligned memory allocation functions causes insufficient buffer allocation, leading to heap buffer overflow when writing data.\\\",\\n \\\"attack_surface\\\": \\\"Memory allocation APIs in newlib library (memalign, pvalloc, nano_memalign, nano_valloc, nano_pvalloc) when processing large or crafted size/alignment parameters.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"No explicit evidence of in-the-wild exploitation or public PoC found in input data. High exploitability inferred from CVSS metrics (network-accessible, no authentication, low complexity).\\\",\\n \\\"evidence_signals\\\": [\\n \\\"CVSS 3.1 vector indicates network-based attack with no privileges required\\\",\\n \\\"Low attack complexity per CVSS metrics\\\",\\n \\\"No CISA KEV listing or vendor exploitation reports present in input\\\",\\n \\\"EPSS score shows moderate exploitation probability (0.00228 base, 0.2300 EUVD variant)\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes (AV:N)\\\",\\n \\\"authentication_required\\\": \\\"No (PR:N)\\\",\\n \\\"user_interaction_required\\\": \\\"No (UI:N)\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (AC:L)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Critical severity memory corruption with network-accessible attack vector requires immediate inventory assessment and patch verification. While no active exploitation is documented, the low attack complexity and high impact potential demand urgent attention, especially for internet-facing embedded devices.\\\",\\n \\\"recommended_sla\\\": \\\"Initial assessment within 24 hours; patch deployment within 7-14 days based on exposure\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete system compromise (Confidentiality/Integrity/Availability all High per CVSS)\\\",\\n \\\"technical_impact_details\\\": \\\"Heap-based buffer overflow enables arbitrary code execution, data corruption, or application crash. Successful exploitation could grant full control of affected systems.\\\",\\n \\\"blast_radius\\\": \\\"High - newlib is embedded in numerous IoT devices, embedded systems, and development toolchains. Fedora 32/33/34 distributions explicitly affected per CPE data.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"Critical technical severity combined with supply chain exposure in embedded ecosystems creates significant risk. Internet-facing devices using newlib are particularly vulnerable. Lack of active exploitation reports reduces immediate urgency slightly, but memory corruption flaws historically attract rapid exploit development.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"newlib\\\", \\\"Fedora 32\\\", \\\"Fedora 33\\\", \\\"Fedora 34\\\"],\\n \\\"affected_versions\\\": \\\"newlib versions prior to 4.0.0\\\",\\n \\\"fixed_versions\\\": \\\"newlib 4.0.0 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Systems must use affected newlib versions and invoke vulnerable allocation functions with parameters that trigger integer overflow.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - network-accessible systems using newlib are directly exposed. Embedded devices with network services are primary targets.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Code Execution on IoT Device\\\",\\n \\\"attacker_goal\\\": \\\"Gain control of internet-facing embedded device\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Identify target device using newlib <4.0.0 with network services\\\",\\n \\\"Craft malicious allocation request triggering integer overflow\\\",\\n \\\"Exploit heap overflow to achieve arbitrary code execution\\\"\\n ],\\n \\\"likely_targets\\\": \\\"IoT devices, embedded systems, network equipment using vulnerable newlib versions\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain Compromise via Development Tools\\\",\\n \\\"attacker_goal\\\": \\\"Compromise downstream products through vulnerable toolchain\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Identify products built with newlib-based toolchains\\\",\\n \\\"Influence build parameters or inputs to trigger vulnerable code paths\\\",\\n \\\"Achieve code execution in development or production environments\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Firmware images, embedded applications, cross-compiled software\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Compensating Controls\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade newlib to version 4.0.0 or later on all affected systems and devices.\\\",\\n \\\"Deploy network segmentation and access controls to limit exposure of vulnerable embedded systems.\\\",\\n \\\"Implement heap hardening mechanisms (ASLR, stack canaries) where available to increase exploitation difficulty.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Verify patching in firmware updates for embedded devices. Test allocation function behavior post-update to ensure integer overflow protection.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all systems using newlib and verify versions against affected range (<4.0.0).\\\",\\n \\\"Test memory allocation functions with edge-case parameters to confirm overflow protection.\\\",\\n \\\"Review and validate firmware update mechanisms for embedded devices.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain pre-patch firmware/images for critical systems. Test allocation behavior regression in controlled environment before full deployment.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for abnormal memory allocation patterns or crashes in applications using newlib\\\",\\n \\\"Search logs for repeated allocation failures or unusual heap behavior in embedded systems\\\",\\n \\\"Hunt for network traffic targeting memory allocation APIs in IoT devices\\\",\\n \\\"Implement canary values in heap structures to detect overflow attempts\\\",\\n \\\"Monitor process behavior for unexpected code execution following allocation operations\\\",\\n \\\"Search for exploitation patterns in memory corruption detection tools (ASAN, Valgrind outputs)\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation found in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00228 (base), 0.2300 (EUV-D variant), 0.45443 percentile\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - newlib is embedded in numerous downstream products, particularly IoT devices and embedded systems\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Detailed vendor advisory with patch availability timeline\\\",\\n \\\"Specific proof-of-concept exploit code or technical analysis\\\",\\n \\\"Information about affected IoT/firmware vendors using newlib\\\",\\n \\\"CISA KEV status or official exploitation reports\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS scores show significant variation between sources (0.00228 vs 0.2300)\\\",\\n \\\"Limited detail on specific vulnerable function call patterns\\\",\\n \\\"No explicit confirmation of exploitability conditions\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"Network accessibility inferred from CVSS AV:N metric\\\",\\n \\\"Exploitability assumed high based on CVSS 9.8 score despite lack of PoC\\\",\\n \\\"Fedora distributions used as proxy for broader Linux ecosystem exposure\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but exploitation specifics and real-world exposure require additional vendor documentation\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://bugzilla.redhat.com/show_bug.cgi?id=1934088\\\",\\n \\\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEBF6YHWFNCBW5A2ENSQ3Z56ELF4MTRE/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"11\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2021-28139\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2021-28139\\\",\\n \\\"title\\\": \\\"Espressif ESP-IDF Bluetooth Classic LMP Feature Response Extended Remote Code Execution Vulnerability\\\",\\n \\\"short_description\\\": \\\"The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier fails to properly restrict the Feature Page when processing an LMP Feature Response Extended packet. An attacker within radio range can send a crafted Extended Features bitfield payload to trigger arbitrary code execution on ESP32 devices.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows unauthenticated attackers within Bluetooth radio range to achieve remote code execution on vulnerable ESP32 devices. Given the widespread deployment of ESP32 in IoT devices, industrial control systems, and consumer products, successful exploitation could lead to device takeover, data exfiltration, or lateral movement into connected networks. The attack requires no user interaction and leverages a fundamental protocol handling flaw in the Bluetooth Classic stack.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"8.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-787\\\"],\\n \\\"weakness_summary\\\": \\\"Improper validation of LMP Feature Response Extended packets leads to memory corruption or logic flaws enabling arbitrary code execution. The implementation does not properly restrict feature page boundaries, allowing crafted bitfield payloads to trigger unintended behavior.\\\",\\n \\\"attack_surface\\\": \\\"Bluetooth Classic (LMP protocol layer) - accessible to attackers within radio range (~10-100m depending on environment)\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Attack complexity is low with no authentication or user interaction required. Exploitation requires proximity (adjacent network vector) and specialized Bluetooth packet crafting capabilities. No evidence of in-the-wild exploitation found in input data.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"CVSS 3.1 score of 8.8 with HIGH severity rating\\\",\\n \\\"EPSS score of 0.4600 (cves_euvd) and 0.00464 (cves_epss) indicating moderate exploitation likelihood\\\",\\n \\\"No CISA KEV listing or vendor-confirmed active exploitation mentioned in input data\\\",\\n \\\"Public research paper (braktooth.pdf) suggests potential exploit development\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Adjacent (Bluetooth radio range)\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High CVSS score (8.8) with code execution impact and low attack complexity. While no active exploitation is confirmed, the vulnerability affects critical IoT infrastructure components. Immediate verification of ESP32 device inventory and deployment context is required to assess exposure.\\\",\\n \\\"recommended_sla\\\": \\\"Initial assessment within 24 hours; remediation planning within 72 hours\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete compromise of device confidentiality, integrity, and availability (C:H/I:H/A:H). Attackers can execute arbitrary code, potentially gaining persistent access to device firmware and connected systems.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation results in full device control, enabling firmware modification, data theft, credential extraction, and potential lateral movement to connected networks. The vulnerability affects the Bluetooth stack at the LMP protocol layer, a core system component.\\\",\\n \\\"blast_radius\\\": \\\"All ESP32 devices running ESP-IDF 4.4 or earlier with Bluetooth Classic enabled are potentially vulnerable. Impact scope depends on device deployment density and network connectivity.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High technical severity combined with widespread IoT deployment creates significant risk. While exploitation requires proximity, compromised devices in critical infrastructure, medical equipment, or industrial control systems could lead to operational disruption, data breaches, or safety incidents. The 46% EPSS score indicates notable exploitation potential.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Espressif ESP-IDF\\\", \\\"Espressif ESP32\\\"],\\n \\\"affected_versions\\\": \\\"ESP-IDF 4.4 and earlier\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Bluetooth Classic must be enabled on ESP32 devices\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Devices physically accessible or deployed in public spaces are at highest risk. Network-connected ESP32 devices could serve as entry points for lateral movement.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Physical Proximity Device Takeover\\\",\\n \\\"attacker_goal\\\": \\\"Gain persistent access to vulnerable ESP32 device for surveillance or data exfiltration\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker identifies target ESP32 device within Bluetooth range using scanning tools\\\",\\n \\\"Crafts malicious LMP Feature Response Extended packet with manipulated bitfield payload\\\",\\n \\\"Transmits crafted packet to trigger code execution and install persistent backdoor\\\"\\n ],\\n \\\"likely_targets\\\": \\\"IoT devices in public spaces, industrial sensors, smart building controllers\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain Compromise via Malicious Firmware\\\",\\n \\\"attacker_goal\\\": \\\"Infect devices during manufacturing or distribution for later activation\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker compromises ESP32 development environment or build pipeline\\\",\\n \\\"Injects exploit code into firmware that triggers upon receiving specific Bluetooth packet\\\",\\n \\\"Infected devices shipped to end users, awaiting remote activation command\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Consumer IoT products, embedded systems in critical infrastructure\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Network Segmentation\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade all ESP32 devices to ESP-IDF version 4.4.1 or later immediately, as this version includes Bluetooth stack security improvements.\\\",\\n \\\"Implement network segmentation to isolate ESP32 devices from critical infrastructure, restricting lateral movement potential.\\\",\\n \\\"Deploy physical access controls and Bluetooth monitoring to detect unauthorized connection attempts to vulnerable devices.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Disable Bluetooth Classic on ESP32 devices if not required for operational functionality. Implement whitelisting for Bluetooth connections.\\\",\\n \\\"patching_notes\\\": \\\"Verify patch compatibility with existing firmware and test in isolated environment before production deployment. Consider firmware signing to prevent unauthorized modifications.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Inventory all ESP32 devices and verify current ESP-IDF versions against vulnerability scope.\\\",\\n \\\"Test Bluetooth functionality post-patch to ensure operational requirements are maintained.\\\",\\n \\\"Conduct vulnerability scanning or penetration testing to validate remediation effectiveness.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of pre-patch firmware and configuration. Document Bluetooth dependencies to assess rollback impact on connected systems.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor Bluetooth logs for unusual LMP packet patterns or connection attempts from unknown devices\\\",\\n \\\"Deploy EDR/IDS solutions to detect anomalous process execution or memory corruption on ESP32 devices\\\",\\n \\\"Implement network monitoring for unexpected outbound connections from IoT devices\\\",\\n \\\"Use Bluetooth scanning tools to identify unauthorized devices attempting to pair with ESP32 systems\\\",\\n \\\"Monitor for firmware modification indicators such as unexpected reboots or configuration changes\\\",\\n \\\"Deploy honeypot ESP32 devices in exposed locations to detect exploitation attempts\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"https://dl.packetstormsecurity.net/papers/general/braktooth.pdf\\\",\\n \\\"epss\\\": \\\"0.4600\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - ESP32 is widely used in OEM products; vulnerability could affect multiple vendors and downstream products\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Fixed version information\\\",\\n \\\"Vendor advisory link\\\",\\n \\\"Detailed technical analysis of exploit mechanism\\\",\\n \\\"CISA KEV status confirmation\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS score discrepancy: cves_euvd reports 0.4600 while cves_epss reports 0.00464 - likely different scoring methodologies or dates\\\",\\n \\\"Affected products list includes both software (ESP-IDF) and hardware (ESP32) without clear version mapping\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"ESP-IDF 4.4.1 likely contains fixes based on publication date and version progression\\\",\\n \\\"Bluetooth Classic must be enabled for vulnerability exposure\\\",\\n \\\"Attack requires specialized Bluetooth packet crafting tools and knowledge\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but missing patch information and exploit maturity assessment limit complete risk evaluation\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://dl.packetstormsecurity.net/papers/general/braktooth.pdf\\\",\\n \\\"https://github.com/espressif/esp-idf\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"13\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-28183\",\n            \"component_name\": \"esp-idf\",\n            \"component_version\": \"5.4\",\n            \"component_cpe\": \"cpe:2.3:a:espressif:esp_idf:5.4:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:github/espressif/esp-idf@v5.4\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 6.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-28183\\\",\\n \\\"title\\\": \\\"ESP-IDF Bootloader TOCTOU Vulnerability Bypassing Anti-Rollback Protection\\\",\\n \\\"short_description\\\": \\\"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the ESP-IDF bootloader implementation, allowing an attacker with physical access to the device's flash memory to bypass anti-rollback protection mechanisms.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability undermines anti-rollback protection, a critical security feature designed to prevent downgrade attacks. If exploited, an attacker can force the device to boot an older, potentially vulnerable application firmware version, circumventing security patches and exposing the device to previously mitigated threats. This is particularly significant for IoT devices deployed in physically accessible locations, as it enables attackers to revert firmware to a state with known exploitable weaknesses, potentially leading to complete device compromise, data exfiltration, or unauthorized control.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"6.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-367\\\"],\\n \\\"weakness_summary\\\": \\\"Time-of-Check to Time-of-Use (TOCTOU) race condition in the bootloader's anti-rollback check. The security version is read from flash, but an attacker with physical flash access can modify the data after the check, causing the bootloader to boot an older, less secure application.\\\",\\n \\\"attack_surface\\\": \\\"Physical access to the device's flash memory; the bootloader during the device boot sequence.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires physical access to the device's flash memory and the ability to modify its contents during a narrow timing window between the bootloader's security version check and the actual boot process. While technically complex, it is feasible for a determined attacker with specialized hardware.\\\",\\n \\\"evidence_signals\\\": [\\\"No evidence of in-the-wild exploitation found in input data.\\\", \\\"EPSS score suggests low widespread exploitation likelihood.\\\", \\\"Vendor has released patches addressing the vulnerability.\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low (once physical access to flash is obtained)\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"The vulnerability has a MEDIUM CVSS score (6.1) due to the physical access requirement (AV:P), which significantly limits remote exploitation. However, for IoT devices in physically exposed or untrusted environments, the risk of bypassing anti-rollback is substantial. The primary mitigation is patching the ESP-IDF framework and updating device firmware. This should be scheduled for the next maintenance cycle, prioritizing devices with high physical exposure.\\\",\\n \\\"recommended_sla\\\": \\\"Patch within 90 days for devices in physically accessible locations; 180 days for others.\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality and integrity impact on the device; no availability impact.\\\",\\n \\\"technical_impact_details\\\": \\\"An attacker who successfully exploits this vulnerability can bypass anti-rollback protection, forcing the device to load an older firmware version. This can lead to the re-introduction of previously patched vulnerabilities, potentially resulting in complete compromise of the device's confidentiality (data exfiltration) and integrity (unauthorized code execution). The device's availability is not directly affected.\\\",\\n \\\"blast_radius\\\": \\\"Limited to individual devices with vulnerable ESP-IDF versions and physical flash access. The impact does not automatically propagate to other network devices, but a compromised device can be used as a pivot for further attacks.\\\",\\n \\\"business_risk_rating\\\": \\\"3\\\",\\n \\\"business_risk_justification\\\": \\\"The risk is moderate for most deployments due to the physical access requirement. However, for organizations with large fleets of IoT devices in publicly accessible or untrusted locations (e.g., smart city sensors, industrial IoT in open areas), the risk is elevated. A compromised device can lead to data breaches, operational disruption, and reputational damage. The business risk is a '3' because while the vulnerability is serious, its exploitation is constrained by the need for physical access, making it less likely to be exploited at scale compared to network-based vulnerabilities.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"ESP-IDF\\\"],\\n \\\"affected_versions\\\": \\\"4.4.6, 5.0.6, 5.1.3, 5.2\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data (Patches are referenced in commit links: 3305cb4d235182067936f8e940e6db174e25b4b2, 4c95aa445d4e84f01f86b6f3a552aa299276abf3)\\\",\\n \\\"configuration_dependencies\\\": \\\"Devices using the vulnerable ESP-IDF bootloader implementation.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Low direct relevance, as the attack requires physical access. However, internet-exposed devices are often in physically accessible locations, increasing their risk profile.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Downgrade Attack on Unattended IoT Device\\\",\\n \\\"attacker_goal\\\": \\\"Bypass anti-rollback to load a vulnerable firmware version and gain full control of the device.\\\",\\n \\\"steps_high_level\\\": [\\\"Attacker gains physical access to the target IoT device (e.g., a smart sensor in a public space).\\\", \\\"Attacker uses specialized hardware to interface with the device's flash memory, monitoring the boot sequence.\\\", \\\"During the narrow window between the bootloader's anti-rollback check and the application load, the attacker modifies the flash to point to an older, vulnerable application partition, successfully booting the device with known exploitable firmware.\\\"],\\n \\\"likely_targets\\\": \\\"IoT devices in physically accessible locations, such as smart city infrastructure, industrial sensors, or consumer devices left unattended.\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Supply Chain Compromise via Pre-loaded Firmware\\\",\\n \\\"attacker_goal\\\": \\\"Compromise devices during manufacturing or distribution by pre-loading a vulnerable firmware image that can be activated later.\\\",\\n \\\"steps_high_level\\\": [\\\"An attacker with access to the manufacturing or distribution process flashes a device with a vulnerable firmware version and a seemingly secure newer version.\\\", \\\"The attacker programs the eFuse with a high security version, but includes a TOCTOU exploit in the bootloader.\\\", \\\"When the device is deployed, the attacker can later trigger the exploit remotely (if possible) or through physical access, forcing a rollback to the vulnerable firmware to gain persistence or control.\\\"],\\n \\\"likely_targets\\\": \\\"Devices during manufacturing, warehousing, or distribution before deployment.\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patching and Firmware Update\\\",\\n \\\"mitigation_action\\\": [\\\"Apply the official Espressif patches referenced in commits 3305cb4d235182067936f8e940e6db174e25b4b2 and 4c95aa445d4e84f01f86b6f3a552aa299276abf3 to the ESP-IDF framework.\\\", \\\"Rebuild and deploy updated firmware to all affected IoT devices, prioritizing those in physically exposed locations.\\\", \\\"Implement physical security controls for deployed devices to limit unauthorized physical access to flash memory interfaces.\\\"],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Patching requires updating the ESP-IDF framework to a version that includes the fixes, then rebuilding and flashing the device firmware. Ensure that the patched bootloader correctly validates the security version without the TOCTOU race condition.\\\",\\n \\\"verification_steps\\\": [\\\"Verify that the device is running a firmware version built with a patched ESP-IDF (version post-commit 3305cb4d235182067936f8e940e6db174e25b4b2).\\\", \\\"Test the anti-rollback mechanism by attempting to flash an older firmware version; the device should reject it.\\\", \\\"Conduct a physical security audit of deployed devices to assess exposure to unauthorized flash access.\\\"],\\n \\\"rollback_considerations\\\": \\\"Rolling back to a pre-patch firmware version would reintroduce the vulnerability. If a rollback is necessary for operational reasons, ensure that physical access to the device is strictly controlled during the rollback period.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor boot logs for anomalies or unexpected firmware version changes that might indicate a rollback attempt.\\\",\\n \\\"Deploy tamper-detection mechanisms (e.g., physical seals, intrusion sensors) on devices to alert on unauthorized physical access.\\\",\\n \\\"Use EDR or IoT monitoring solutions to detect unexpected behavior or network traffic from devices that may indicate compromise after a rollback.\\\",\\n \\\"Hunt for devices that suddenly exhibit signatures of older, known-vulnerable firmware versions in their network communications.\\\",\\n \\\"Implement secure boot verification in hardware (if supported) to cryptographically verify firmware integrity at boot, making TOCTOU attacks more difficult.\\\",\\n \\\"Audit device inventories for models and firmware versions known to be affected by CVE-2024-28183.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00041\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - The vulnerability can be exploited during the manufacturing or distribution phase to create backdoors in devices before deployment.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Fixed version numbers\\\", \\\"Detailed vendor advisory link\\\", \\\"Information on whether the vulnerability affects specific Espressif chip models\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score from different sources shows minor variation (0.0400 vs 0.00041), but both indicate low exploitation likelihood.\\\", \\\"The description is truncated in the cves_euvd source, but the full description is available in the cves source.\\\"],\\n \\\"assumptions_made\\\": [\\\"Assumed that the CPE list and affected products list are accurate and comprehensive.\\\", \\\"Assumed that the commit links provided are the official patches for the vulnerability.\\\", \\\"Assumed that 'physical access' implies direct access to the flash memory chip or its interface.\\\"],\\n \\\"confidence\\\": \\\"Medium - The core vulnerability details are clear, but specific fixed versions and vendor advisories are not explicitly listed, requiring further verification.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/espressif/esp-idf/commit/3305cb4d235182067936f8e940e6db174e25b4b2\\\",\\n \\\"https://github.com/espressif/esp-idf/commit/4c95aa445d4e84f01f86b6f3a552aa299276abf3\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"67\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2024-5290\",\n            \"component_name\": \"wpa_supplicant\",\n            \"component_version\": \"2.10\",\n            \"component_cpe\": \"cpe:2.3:a:w1.fi:wpa_supplicant:2.10:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/wpa_supplicant@2.10\",\n            \"severity\": \"HIGH\",\n            \"cvss_score\": 8.8,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2024-5290\\\",\\n \\\"title\\\": \\\"Ubuntu wpa_supplicant Arbitrary Shared Object Loading Privilege Escalation\\\",\\n \\\"short_description\\\": \\\"Ubuntu wpa_supplicant allows loading arbitrary shared objects, enabling local unprivileged attackers to escalate privileges to root via netdev group membership or D-Bus interface access.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows local privilege escalation to root, the highest level of system access. Attackers with standard user accounts can gain complete control over affected Ubuntu systems, leading to data theft, malware deployment, and persistent access. The requirement for netdev group membership or D-Bus access provides multiple exploitation vectors, making this particularly dangerous in multi-user environments or systems with network management tools.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"8.8\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\\\",\\n \\\"severity_label\\\": \\\"HIGH\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-94\\\"],\\n \\\"weakness_summary\\\": \\\"Improper Control of Generation of Code (Code Injection) - The vulnerability allows attackers to specify arbitrary paths to shared objects that wpa_supplicant loads, leading to code execution in the context of the wpa_supplicant process (typically root).\\\",\\n \\\"attack_surface\\\": \\\"Local system access through wpa_supplicant's module loading mechanism, exploitable via netdev group membership or D-Bus interface manipulation.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"High\\\",\\n \\\"exploit_summary\\\": \\\"High likelihood of exploitation due to low attack complexity, no user interaction required, and multiple access vectors (netdev group membership, D-Bus interface). Local access with low privileges can lead to root compromise.\\\",\\n \\\"evidence_signals\\\": [\\n \\\"CVSS 3.1 score of 8.8 with HIGH severity rating\\\",\\n \\\"Attack Vector: Local (AV:L) with Low Attack Complexity (AC:L)\\\",\\n \\\"Low Privileges Required (PR:L) with no User Interaction (UI:N)\\\",\\n \\\"Scope changed (S:C) indicating impact beyond the vulnerable component\\\",\\n \\\"High impacts on Confidentiality, Integrity, and Availability (C:H/I:H/A:H)\\\"\\n ],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"No\\\",\\n \\\"authentication_required\\\": \\\"Yes - local user account required\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"Low - standard user with netdev group membership or D-Bus access\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"High severity local privilege escalation to root with low attack complexity and multiple exploitation vectors. While not requiring internet exposure, this poses significant risk to multi-user Ubuntu systems and those with network management capabilities. The combination of netdev group membership (common in network administration scenarios) and D-Bus access creates multiple pathways for exploitation.\\\",\\n \\\"recommended_sla\\\": \\\"7 days for verification and patch deployment\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Complete system compromise (Confidentiality: High, Integrity: High, Availability: High)\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation grants root-level access to the entire system, enabling complete control over all processes, files, and system resources. Attackers can install persistent backdoors, access all user data, modify system configurations, and disable security controls.\\\",\\n \\\"blast_radius\\\": \\\"High - affects all Ubuntu systems with vulnerable wpa_supplicant versions, particularly those with users in netdev group or D-Bus access. Multi-user systems face highest risk due to increased attack surface.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"Root-level compromise enables complete system control, data exfiltration, and persistent access. The vulnerability affects Ubuntu systems (widely deployed in enterprise environments) and requires only local user access, making it particularly dangerous in shared hosting, development environments, or systems with multiple administrative users. The low attack complexity increases likelihood of successful exploitation.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Ubuntu Linux with wpa_supplicant\\\"],\\n \\\"affected_versions\\\": \\\"Ubuntu Linux (specific versions not detailed in input data)\\\",\\n \\\"fixed_versions\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires netdev group membership or D-Bus interface access for exploitation. wpa_supplicant typically runs as root.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Not directly relevant - local privilege escalation vulnerability. However, compromised systems with internet exposure could be used for external attacks.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Network Administrator Privilege Escalation\\\",\\n \\\"attacker_goal\\\": \\\"Gain root access through legitimate network management privileges\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker obtains standard user account with network administration duties\\\",\\n \\\"User is added to netdev group for legitimate network configuration tasks\\\",\\n \\\"Attacker crafts malicious shared object and specifies path through wpa_supplicant interface\\\",\\n \\\"wpa_supplicant loads malicious code with root privileges\\\",\\n \\\"Attacker achieves complete system compromise\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Ubuntu systems with network administrators or users requiring wireless configuration capabilities\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"D-Bus Interface Exploitation\\\",\\n \\\"attacker_goal\\\": \\\"Escalate from standard user to root via D-Bus communication\\\",\\n \\\"steps_high_level\\\": [\\n \\\"Attacker gains access to standard user account on Ubuntu system\\\",\\n \\\"Attacker identifies D-Bus interface access to wpa_supplicant\\\",\\n \\\"Malicious shared object is created in attacker-controlled directory\\\",\\n \\\"D-Bus messages are sent to wpa_supplicant specifying arbitrary module path\\\",\\n \\\"Root-level code execution achieved through loaded malicious module\\\"\\n ],\\n \\\"likely_targets\\\": \\\"Multi-user Ubuntu systems with D-Bus services enabled, particularly those with wireless networking capabilities\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Hardening\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Apply Ubuntu security updates for wpa_supplicant immediately to prevent arbitrary shared object loading.\\\",\\n \\\"Review and restrict netdev group membership to essential personnel only, removing unnecessary users from the group.\\\",\\n \\\"Implement D-Bus access controls to limit wpa_supplicant interface exposure to trusted users and processes.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"patching_notes\\\": \\\"Ubuntu security updates should address the arbitrary shared object loading mechanism. Verify that wpa_supplicant no longer accepts arbitrary module paths from unprivileged sources.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Check current wpa_supplicant version against Ubuntu security advisory to confirm patch application.\\\",\\n \\\"Test privilege escalation attempts using known exploitation methods to verify mitigation effectiveness.\\\",\\n \\\"Audit netdev group membership and D-Bus access controls to ensure proper restriction of wpa_supplicant interfaces.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Standard package management rollback procedures apply. Test patches in non-production environment before deployment to ensure compatibility with existing network configurations.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor for unusual wpa_supplicant process behavior, including loading of non-standard shared objects from user-writable directories.\\\",\\n \\\"Alert on D-Bus messages to wpa_supplicant from non-privileged users specifying custom module paths.\\\",\\n \\\"Detect privilege escalation attempts by monitoring for wpa_supplicant child processes running with elevated privileges.\\\",\\n \\\"Hunt for suspicious file creation in temporary directories followed by wpa_supplicant module loading activity.\\\",\\n \\\"Monitor netdev group membership changes and correlate with subsequent wpa_supplicant interactions.\\\",\\n \\\"Alert on wpa_supplicant crashes or unexpected termination events, which may indicate exploitation attempts.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.2500\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - affects Ubuntu Linux distribution components, potentially impacting organizations using Ubuntu in their infrastructure or development environments.\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\n \\\"Specific affected Ubuntu versions\\\",\\n \\\"Fixed version information\\\",\\n \\\"Vendor advisory details\\\",\\n \\\"CISA KEV status\\\",\\n \\\"Public exploit availability confirmation\\\"\\n ],\\n \\\"conflicts_or_ambiguities\\\": [\\n \\\"EPSS score discrepancy: cves_euvd reports 0.2500 while cves_epss reports 0.00248 - using cves_euvd value as it appears more authoritative\\\",\\n \\\"Limited detail on exact exploitation mechanisms and D-Bus interface specifics\\\"\\n ],\\n \\\"assumptions_made\\\": [\\n \\\"wpa_supplicant typically runs as root based on standard Ubuntu configurations\\\",\\n \\\"netdev group membership provides sufficient access for exploitation\\\",\\n \\\"D-Bus interface access is available in typical Ubuntu installations\\\"\\n ],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details are clear, but specific affected versions, patch information, and exploitation details require additional vendor documentation.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613\\\",\\n \\\"https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-23T23:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"102\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2022-35409\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"CRITICAL\",\n            \"cvss_score\": 9.1,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": true,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2022-35409\\\",\\n \\\"title\\\": \\\"Mbed TLS DTLS Server Heap-Based Buffer Over-Read Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS versions before 2.28.1 and 3.x before 3.2.0 contain a heap-based buffer over-read vulnerability in DTLS server implementations when specific configurations are enabled. An unauthenticated attacker can send a malicious ClientHello message causing up to 255 bytes of buffer over-read, leading to server crash or potential information disclosure.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability affects DTLS servers using Mbed TLS in specific configurations, allowing remote unauthenticated attackers to potentially crash services or leak sensitive information from heap memory. The high CVSS score (9.1) reflects the network-accessible nature, low attack complexity, and potential for information disclosure without authentication. DTLS is commonly used in IoT devices, VPNs, and secure communication protocols, making this relevant to embedded systems and network infrastructure.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"9.1\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\\\",\\n \\\"severity_label\\\": \\\"CRITICAL\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-126\\\"],\\n \\\"weakness_summary\\\": \\\"Buffer over-read in DTLS server implementation when processing malformed ClientHello messages with specific configuration combinations enabled\\\",\\n \\\"attack_surface\\\": \\\"DTLS server endpoints with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN below threshold (258 bytes minimum)\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Medium\\\",\\n \\\"exploit_summary\\\": \\\"Vulnerability requires specific Mbed TLS configurations but allows remote exploitation without authentication. The attack complexity is low once the configuration requirements are met.\\\",\\n \\\"evidence_signals\\\": [\\\"CVSS 3.1 score of 9.1 indicates high severity\\\", \\\"EPSS score of 0.00838 (73.9th percentile) suggests moderate exploitation likelihood\\\", \\\"No explicit evidence of active exploitation in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Network\\\",\\n \\\"authentication_required\\\": \\\"None\\\",\\n \\\"user_interaction_required\\\": \\\"None\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"Low\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"High - Urgent Verification\\\",\\n \\\"triage_team\\\": \\\"Security Engineering\\\",\\n \\\"triage_rationale\\\": \\\"Critical severity vulnerability in cryptographic library affecting DTLS implementations. Requires immediate verification of affected configurations and assessment of exposure in network-accessible DTLS services. The combination of no authentication requirement and potential information disclosure warrants urgent attention despite configuration dependencies.\\\",\\n \\\"recommended_sla\\\": \\\"48 hours for assessment and mitigation planning\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"High confidentiality impact (information disclosure), High availability impact (service crash), No integrity impact\\\",\\n \\\"technical_impact_details\\\": \\\"Heap-based buffer over-read of up to 255 bytes can expose sensitive information from server memory including cryptographic keys, session data, or application-specific sensitive content. Service crash leads to denial of service. The vulnerability is triggerable remotely without authentication.\\\",\\n \\\"blast_radius\\\": \\\"All DTLS servers using affected Mbed TLS versions with vulnerable configurations. Impact extends to systems relying on DTLS for secure communication including IoT devices, VPN endpoints, and embedded systems.\\\",\\n \\\"business_risk_rating\\\": \\\"4\\\",\\n \\\"business_risk_justification\\\": \\\"High business risk due to potential for information disclosure of sensitive data from heap memory, service disruption to critical DTLS-dependent services, and widespread deployment of Mbed TLS in embedded and IoT ecosystems. Risk is elevated for internet-facing DTLS services and systems handling sensitive cryptographic material.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Mbed TLS\\\", \\\"Debian Linux 10.0\\\"],\\n \\\"affected_versions\\\": \\\"Mbed TLS versions before 2.28.1 and 3.x before 3.2.0\\\",\\n \\\"fixed_versions\\\": \\\"Mbed TLS 2.28.1 and 3.2.0 or later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled AND MBEDTLS_SSL_IN_CONTENT_LEN less than threshold (258 bytes minimum)\\\",\\n \\\"internet_exposure_relevance\\\": \\\"Critical - vulnerability affects network-accessible DTLS servers, making internet-facing endpoints particularly vulnerable to remote exploitation\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote Information Disclosure Attack\\\",\\n \\\"attacker_goal\\\": \\\"Extract sensitive information from DTLS server heap memory\\\",\\n \\\"steps_high_level\\\": [\\\"Identify target DTLS server using affected Mbed TLS version with vulnerable configuration\\\", \\\"Craft malicious ClientHello message triggering buffer over-read\\\", \\\"Analyze server responses or error messages to extract leaked memory contents\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing DTLS servers, IoT devices, VPN endpoints, embedded systems using Mbed TLS\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Denial of Service Attack\\\",\\n \\\"attacker_goal\\\": \\\"Crash DTLS server causing service disruption\\\",\\n \\\"steps_high_level\\\": [\\\"Send specially crafted invalid ClientHello message to target DTLS server\\\", \\\"Trigger heap-based buffer over-read exceeding allocated memory bounds\\\", \\\"Cause server crash or unresponsive state through memory corruption\\\"],\\n \\\"likely_targets\\\": \\\"Critical infrastructure DTLS services, embedded devices with limited crash recovery capabilities\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch and Configuration Update\\\",\\n \\\"mitigation_action\\\": [\\\"Upgrade Mbed TLS to version 2.28.1 or later for 2.x branch, or 3.2.0 or later for 3.x branch immediately\\\", \\\"Review and audit all DTLS server configurations to identify systems with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN below safe thresholds\\\", \\\"Implement network-level controls including rate limiting and input validation for DTLS traffic to reduce attack surface\\\"],\\n \\\"workarounds\\\": \\\"Disable MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE configuration if not required, or increase MBEDTLS_SSL_IN_CONTENT_LEN to 258 bytes or higher\\\",\\n \\\"patching_notes\\\": \\\"Patches available in Mbed TLS 2.28.1 and 3.2.0 releases. Debian Linux 10.0 users should apply security updates when available through official repositories.\\\",\\n \\\"verification_steps\\\": [\\\"Verify Mbed TLS version on all DTLS-enabled systems against affected version ranges\\\", \\\"Test DTLS functionality after patching to ensure service continuity\\\", \\\"Monitor logs for any exploitation attempts or anomalous ClientHello messages\\\"],\\n \\\"rollback_considerations\\\": \\\"Maintain backup of previous Mbed TLS library versions and configuration files. Test rollback procedures in non-production environment before deployment.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor DTLS server logs for malformed ClientHello messages or connection attempts with unusual packet structures\\\",\\n \\\"Implement IDS/IPS rules detecting buffer over-read patterns in DTLS traffic or abnormal memory access behaviors\\\",\\n \\\"Use EDR solutions to monitor Mbed TLS processes for abnormal memory reads, crashes, or heap corruption indicators\\\",\\n \\\"Hunt for network traffic patterns showing repeated ClientHello messages with variations targeting DTLS ports\\\",\\n \\\"Monitor system logs for Mbed TLS process crashes, segmentation faults, or memory access violations\\\",\\n \\\"Deploy network monitoring for DTLS protocol anomalies including truncated packets or oversized ClientHello messages\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00838\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"High - Mbed TLS is widely used in embedded systems, IoT devices, and as cryptographic library dependency in various software products\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed vendor advisory link\\\", \\\"Specific exploit code availability\\\", \\\"CISA KEV status\\\", \\\"Complete list of affected products beyond Mbed TLS and Debian\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"EPSS score discrepancy between sources (0.7900 vs 0.00838) - using 0.00838 as primary EPSS value\\\", \\\"Limited information on exact configuration threshold values beyond 258 bytes reference\\\"],\\n \\\"assumptions_made\\\": [\\\"Configuration threshold of 258 bytes for MBEDTLS_SSL_IN_CONTENT_LEN based on description reference\\\", \\\"DTLS protocol usage primarily in IoT and embedded contexts\\\", \\\"Information disclosure potential includes cryptographic material and session data\\\"],\\n \\\"confidence\\\": \\\"High confidence in vulnerability assessment based on clear CVSS scoring, detailed description, and specific version information. Moderate confidence in exploitation likelihood due to configuration dependencies.\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls/releases\\\",\\n \\\"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        },\n        {\n            \"id\": \"122\",\n            \"scan_report_id\": \"1\",\n            \"cve_id\": \"CVE-2025-48965\",\n            \"component_name\": \"mbedtls\",\n            \"component_version\": \"3.6.0\",\n            \"component_cpe\": \"cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*\",\n            \"component_purl\": \"pkg:generic/mbedtls@3.6.0\",\n            \"severity\": \"MEDIUM\",\n            \"cvss_score\": 4,\n            \"has_epss_data\": true,\n            \"has_cisa_kev\": false,\n            \"has_euvd_data\": false,\n            \"has_llm_enrichment\": true,\n            \"llm_priority\": null,\n            \"llm_remediation\": null,\n            \"created_at\": \"2025-12-15T10:41:12.102Z\",\n            \"llm_enrichment\": \"{\\n \\\"cve_id\\\": \\\"CVE-2025-48965\\\",\\n \\\"title\\\": \\\"Mbed TLS NULL Pointer Dereference Vulnerability\\\",\\n \\\"short_description\\\": \\\"Mbed TLS before version 3.6.4 contains a NULL pointer dereference vulnerability in the mbedtls_asn1_store_named_data function, triggered when conflicting data results in a NULL val.p pointer but a val.len greater than zero, leading to application availability impact.\\\",\\n \\\"why_it_matters\\\": \\\"This vulnerability allows remote attackers to cause a denial-of-service condition in applications using affected Mbed TLS versions. While the impact is limited to availability (no confidentiality/integrity compromise), Mbed TLS is widely embedded in IoT devices, network equipment, and enterprise systems where service disruption carries operational and financial risk. The network-accessible attack vector with low privileges increases exposure potential in internet-facing deployments.\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"3.1\\\",\\n \\\"cvss_base_score\\\": \\\"4.0\\\",\\n \\\"cvss_vector\\\": \\\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L\\\",\\n \\\"severity_label\\\": \\\"MEDIUM\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"CWE-476\\\"],\\n \\\"weakness_summary\\\": \\\"NULL pointer dereference in ASN.1 data handling function when val.p is NULL but val.len > 0, causing application crash or termination.\\\",\\n \\\"attack_surface\\\": \\\"Network-accessible TLS/DTLS implementations using Mbed TLS for certificate parsing, ASN.1 data handling, or cryptographic operations.\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"Low\\\",\\n \\\"exploit_summary\\\": \\\"Exploitation requires high attack complexity with network access but no authentication. The vulnerability has low EPSS score (0.00096) indicating minimal current exploitation likelihood.\\\",\\n \\\"evidence_signals\\\": [\\\"EPSS score 0.00096 (0.27th percentile)\\\", \\\"No CISA KEV listing\\\", \\\"No public exploit references in input data\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"Yes\\\",\\n \\\"authentication_required\\\": \\\"No\\\",\\n \\\"user_interaction_required\\\": \\\"No\\\",\\n \\\"privileges_required\\\": \\\"None\\\",\\n \\\"attack_complexity\\\": \\\"High\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"Medium - Schedule Patch\\\",\\n \\\"triage_team\\\": \\\"Patching Operations\\\",\\n \\\"triage_rationale\\\": \\\"Medium severity DoS vulnerability with high attack complexity and low observed exploitation likelihood. Prioritize patching during regular maintenance cycles for systems with internet exposure or critical availability requirements.\\\",\\n \\\"recommended_sla\\\": \\\"90 days for internet-facing systems; 180 days for internal systems\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"Availability impact only - denial of service through application crash or termination.\\\",\\n \\\"technical_impact_details\\\": \\\"Successful exploitation causes NULL pointer dereference leading to segmentation fault and application termination. No code execution, information disclosure, or privilege escalation possible.\\\",\\n \\\"blast_radius\\\": \\\"Limited to individual application instances using affected Mbed TLS versions. Scope (S:C) indicates potential impact across multiple system components if shared library is used.\\\",\\n \\\"business_risk_rating\\\": \\\"2\\\",\\n \\\"business_risk_justification\\\": \\\"Availability impact with moderate business risk. Critical for systems requiring high uptime, but low exploitation likelihood and contained impact scope reduce urgency. IoT devices and network equipment may face higher risk due to difficult patching cycles.\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"Arm Mbed TLS\\\"],\\n \\\"affected_versions\\\": \\\"All versions before 3.6.4\\\",\\n \\\"fixed_versions\\\": \\\"3.6.4 and later\\\",\\n \\\"configuration_dependencies\\\": \\\"Requires applications to use mbedtls_asn1_store_named_data function with malformed ASN.1 data inputs.\\\",\\n \\\"internet_exposure_relevance\\\": \\\"High relevance for internet-facing TLS/DTLS endpoints, certificate validation services, and embedded devices with network connectivity.\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"Remote DoS Against TLS Services\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt service availability by crashing TLS-enabled applications\\\",\\n \\\"steps_high_level\\\": [\\\"Craft malicious ASN.1 data with NULL pointer but non-zero length\\\", \\\"Send crafted data to target TLS service endpoint\\\", \\\"Trigger mbedtls_asn1_store_named_data function execution causing NULL dereference\\\"],\\n \\\"likely_targets\\\": \\\"Internet-facing HTTPS servers, VPN concentrators, IoT device management interfaces using Mbed TLS\\\"\\n },\\n {\\n \\\"scenario_name\\\": \\\"Certificate Processing DoS\\\",\\n \\\"attacker_goal\\\": \\\"Disrupt certificate validation or parsing operations\\\",\\n \\\"steps_high_level\\\": [\\\"Generate malformed certificate or ASN.1 structure\\\", \\\"Submit to certificate processing service using Mbed TLS\\\", \\\"Exploit NULL pointer dereference during certificate chain validation\\\"],\\n \\\"likely_targets\\\": \\\"PKI infrastructure, certificate validation services, embedded devices performing certificate verification\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"Patch Management\\\",\\n \\\"mitigation_action\\\": [\\n \\\"Upgrade Mbed TLS to version 3.6.4 or later immediately for all affected deployments.\\\",\\n \\\"Implement input validation and sanitization for ASN.1 data processing in applications using Mbed TLS.\\\",\\n \\\"Deploy network-level protections such as rate limiting and input filtering for TLS-enabled services.\\\"\\n ],\\n \\\"workarounds\\\": \\\"Restrict network access to affected services using firewall rules or network segmentation to reduce attack surface.\\\",\\n \\\"patching_notes\\\": \\\"Coordinate patching with application teams to ensure compatibility testing. Embedded devices may require firmware updates from vendors.\\\",\\n \\\"verification_steps\\\": [\\n \\\"Verify Mbed TLS version using mbedtls_version_get_string() or package manager queries.\\\",\\n \\\"Test TLS functionality after patching to ensure no regression in certificate handling.\\\",\\n \\\"Monitor application logs for crash events or abnormal terminations related to ASN.1 processing.\\\"\\n ],\\n \\\"rollback_considerations\\\": \\\"Maintain previous version backups and test rollback procedures. Document any configuration changes made during patching.\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\n \\\"Monitor application crash logs for segmentation fault signals (SIGSEGV) in processes using Mbed TLS.\\\",\\n \\\"Deploy network monitoring to detect malformed ASN.1 structures or unusual certificate patterns.\\\",\\n \\\"Implement EDR rules to alert on repeated application crashes of TLS-enabled services.\\\",\\n \\\"Search for abnormal network patterns targeting TLS handshake or certificate exchange phases.\\\",\\n \\\"Monitor system logs for core dumps or abnormal process terminations in Mbed TLS applications.\\\",\\n \\\"Hunt for scanning activity targeting unusual TLS ports or certificate validation endpoints.\\\"\\n ],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"No evidence of active exploitation in input data\\\",\\n \\\"public_exploit_references\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"epss\\\": \\\"0.00096 (0.27264 percentile)\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"Medium - Mbed TLS is embedded in numerous IoT devices, networking equipment, and enterprise applications, creating supply chain exposure\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"Detailed affected version ranges\\\", \\\"Specific vendor patch availability dates\\\", \\\"Exploit code availability status\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"No conflicts identified in provided data\\\"],\\n \\\"assumptions_made\\\": [\\\"CWE-476 (NULL Pointer Dereference) inferred from description\\\", \\\"High attack complexity assumed from CVSS AC:H metric\\\"],\\n \\\"confidence\\\": \\\"Medium - Core vulnerability details confirmed through official security advisory, but limited exploitation intelligence available\\\"\\n },\\n\\n \\\"references\\\": [\\n \\\"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md\\\",\\n \\\"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\\\"\\n ],\\n\\n \\\"generated_at\\\": \\\"2025-11-24T00:00:00.000Z\\\"\\n}\\n\"\n        }\n    ]\n}"}],"_postman_id":"571536e4-dbea-4c84-966a-3c8e0642a66a"}],"id":"a6b0ff13-03dd-47f7-a1a3-7140225af7a9","_postman_id":"a6b0ff13-03dd-47f7-a1a3-7140225af7a9","description":""},{"name":"New Folder","item":[],"id":"22866db9-b172-4bda-b688-0d11cdd9237b","_postman_id":"22866db9-b172-4bda-b688-0d11cdd9237b","description":""}],"id":"ccc8ae09-c081-49af-adee-78e59fd3903d","_postman_id":"ccc8ae09-c081-49af-adee-78e59fd3903d","description":""},{"name":"Hbom","item":[{"name":"Simply","item":[{"name":"generate hbom","id":"f1fc7bf3-511b-436b-87cc-e5e36d66c63b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/hbom/simply/generate","urlObject":{"port":"2999","path":["hbom","simply","generate"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"f1fc7bf3-511b-436b-87cc-e5e36d66c63b"},{"name":"generate hbom Copy","id":"455de65d-433c-485d-8a2a-0b1cdfe7e368","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/simply/ui/components","urlObject":{"port":"2999","path":["simply","ui","components"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"455de65d-433c-485d-8a2a-0b1cdfe7e368"}],"id":"fe1dbe6a-4190-4084-b1b9-71854e2f4fa2","_postman_id":"fe1dbe6a-4190-4084-b1b9-71854e2f4fa2","description":""},{"name":"Analysis","item":[{"name":"hbom-scanner","id":"f626bf32-9f43-47a3-9d59-d465ce351dad","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"hbomFile\": \"services/products-hbom-builder/simply-connect/output/xmbx4-bom.json\",\r\n    \"outputJson\": \"services/products-hbom-vulnerability-scanner/report/hbom-scan-report.json\",\r\n    \"outputHtml\": \"services/products-hbom-vulnerability-scanner/report/hbom-scan-report.html\",\r\n    \"enrichment\": \"internal\", // internal | complete | none\r\n    \"promptFormat\": \"json\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/hbom-scanner","urlObject":{"port":"2999","path":["hbom-scanner"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"f626bf32-9f43-47a3-9d59-d465ce351dad"}],"id":"6f48c3c2-3cdb-40c1-8561-6b1ab1be9b54","_postman_id":"6f48c3c2-3cdb-40c1-8561-6b1ab1be9b54","description":""},{"name":"Enrichment","item":[{"name":"ai enrichment: by reportId","id":"2ad0c064-45d9-4e2b-85e9-24a2451ceb3a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"reportId\": 1,\r\n  \"llm\": {\r\n        \"provider\": \"openrouter\",\r\n        \"baseUrl\": \"https://openrouter.ai/api/v1\",\r\n        \"model\": \"nex-agi/deepseek-v3.1-nex-n1:free\",\r\n        \"apiKey\": \"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\",\r\n        \"systemPrompt\": \"You are a Tier-3 cybersecurity vulnerability analyst specialized in rapid, structured CVE record analysis and actionable remediation guidance for enterprise environments. Your task is to analyze the provided CVE JSON and produce a single, valid JSON object as output.\\n\\nHard rules:\\n- Output MUST be ONLY one JSON object (no markdown, no commentary, no extra text).\\n- Every output field MUST be filled.\\n- Use ONLY evidence from the input data. If a specific detail is not available, write: \\\"Not available / Not specified in input data\\\".\\n- Do NOT invent CVSS values, affected versions, exploit claims, vendor statements, patch links, or dates.\\n- If the input contains multiple/conflicting values, choose the most authoritative (prefer CNA/vendor > NVD enrichment > third-party) and note the conflict in the dedicated field.\\n- Keep text concise but not superficial: aim for practical, enterprise-ready detail (roughly 250–900 words total across all text fields).\\n\\nInput you will receive:\\n1) CVE data (JSON): {{CVE_JSON}}\\n2) Optional environment & asset context (JSON): {{CONTEXT_JSON}}\\n\\nContext JSON (may be empty) can include, for example:\\n- organization_profile: sector, criticality, regulatory constraints\\n- deployment_model: cloud/on-prem, internet exposure, segmentation\\n- asset_inventory: product names, versions, OS, dependencies\\n- compensating_controls: WAF, EDR, IPS, hardening baselines\\n- patching_constraints: maintenance windows, change control requirements\\n\\nYour objectives:\\nA) Summarize what the vulnerability is and why it matters.\\nB) Determine exploitability likelihood and current exploitation signals based on input.\\nC) Provide triage category and recommended owning team.\\nD) Provide a deep assessment: security impact (C/I/A), technical prerequisites, blast radius, and business risk.\\nE) Provide enrichment: affected components, attack vectors, detection ideas, mitigations, patch strategy, verification steps, and references present in input.\\n\\nClassification guidance:\\n- exploit_status allowed values: \\\"In-the-Wild\\\", \\\"Public PoC\\\", \\\"High\\\", \\\"Medium\\\", \\\"Low\\\", \\\"None\\\", \\\"Not available / Not specified in input data\\\".\\n Use:\\n - \\\"In-the-Wild\\\" if input explicitly indicates active exploitation (e.g., CISA KEV, vendor advisory, NVD notes).\\n - \\\"Public PoC\\\" if input explicitly references a PoC exploit.\\n - Otherwise infer likelihood from CVSS metrics (AV/AC/PR/UI), vulnerability class, and exposure prerequisites.\\n- triage_category allowed values: \\\"Critical - Patch Immediately\\\", \\\"High - Urgent Verification\\\", \\\"Medium - Schedule Patch\\\", \\\"Low - Monitor\\\".\\n- triage_team allowed values: \\\"Incident Response\\\", \\\"Patching Operations\\\", \\\"Security Engineering\\\", \\\"Monitoring\\\".\\n- business_risk_rating: integer string \\\"1\\\" to \\\"5\\\" (5 = highest).\\n\\nOutput requirements:\\nReturn exactly one JSON object matching the schema below.\\n- Keep arrays as arrays.\\n- mitigation_action MUST contain exactly 3 steps, each step a full sentence starting with a strong verb.\\n- detection_and_hunting MUST contain 3–6 concrete ideas.\\n- affected_products MUST be a non-empty array; if unknown, include one item with \\\"Not available / Not specified in input data\\\".\\n- references MUST include only URLs present in the input. If no URLs exist in input, put an empty array.\\n\\nSchema to output:\\n{\\n \\\"cve_id\\\": \\\"\\\",\\n \\\"title\\\": \\\"\\\",\\n \\\"short_description\\\": \\\"\\\",\\n \\\"why_it_matters\\\": \\\"\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"\\\",\\n \\\"cvss_base_score\\\": \\\"\\\",\\n \\\"cvss_vector\\\": \\\"\\\",\\n \\\"severity_label\\\": \\\"\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"\\\"],\\n \\\"weakness_summary\\\": \\\"\\\",\\n \\\"attack_surface\\\": \\\"\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"\\\",\\n \\\"exploit_summary\\\": \\\"\\\",\\n \\\"evidence_signals\\\": [\\\"\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"\\\",\\n \\\"authentication_required\\\": \\\"\\\",\\n \\\"user_interaction_required\\\": \\\"\\\",\\n \\\"privileges_required\\\": \\\"\\\",\\n \\\"attack_complexity\\\": \\\"\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"\\\",\\n \\\"triage_team\\\": \\\"\\\",\\n \\\"triage_rationale\\\": \\\"\\\",\\n \\\"recommended_sla\\\": \\\"\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"\\\",\\n \\\"technical_impact_details\\\": \\\"\\\",\\n \\\"blast_radius\\\": \\\"\\\",\\n \\\"business_risk_rating\\\": \\\"\\\",\\n \\\"business_risk_justification\\\": \\\"\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"\\\"],\\n \\\"affected_versions\\\": \\\"\\\",\\n \\\"fixed_versions\\\": \\\"\\\",\\n \\\"configuration_dependencies\\\": \\\"\\\",\\n \\\"internet_exposure_relevance\\\": \\\"\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"\\\",\\n \\\"attacker_goal\\\": \\\"\\\",\\n \\\"steps_high_level\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n \\\"likely_targets\\\": \\\"\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"\\\",\\n \\\"mitigation_action\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n \\\"workarounds\\\": \\\"\\\",\\n \\\"patching_notes\\\": \\\"\\\",\\n \\\"verification_steps\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n \\\"rollback_considerations\\\": \\\"\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\\"\\\"],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"\\\",\\n \\\"public_exploit_references\\\": \\\"\\\",\\n \\\"epss\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"\\\"],\\n \\\"assumptions_made\\\": [\\\"\\\"],\\n \\\"confidence\\\": \\\"\\\"\\n },\\n\\n \\\"references\\\": [\\\"\\\"],\\n\\n \\\"generated_at\\\": \\\"\\\"\\n}\\n\\nAdditional instructions:\\n- Populate generated_at with the current ISO-8601 timestamp string if the runtime provides it; otherwise write \\\"Not available / Not specified in input data\\\".\\n- In severity_label use one of: \\\"CRITICAL\\\", \\\"HIGH\\\", \\\"MEDIUM\\\", \\\"LOW\\\", or \\\"Not available / Not specified in input data\\\".\\n- If CVSS is absent, keep cvss fields as \\\"Not available / Not specified in input data\\\" and base triage primarily on description, vulnerability class, and exposure prerequisites.\\n- For attack_scenarios, provide 2 scenarios whenever possible; if data is insufficient, provide 1 and state limitations.\\n- Keep triage_rationale and business_risk_justification practical and specific (avoid generic statements).\\n\",\r\n        \"temperature\": 0.1,\r\n        \"maxTokens\": 1500\r\n    }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/hbom-scanner/enrichment","urlObject":{"port":"2999","path":["hbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"2ad0c064-45d9-4e2b-85e9-24a2451ceb3a"},{"name":"ai enrichment: by cves","id":"88e12a38-701b-4714-96ff-b0878cc719ac","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"cveIds\": [\"CVE-2018-18558\", \"CVE-2019-12586\"]\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/hbom-scanner/enrichment","urlObject":{"port":"2999","path":["hbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"88e12a38-701b-4714-96ff-b0878cc719ac"},{"name":"ai enrichment: custom provider","id":"e16a6e9d-1a0c-456b-ac16-9e2f55705119","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"cveIds\": [\r\n    \"CVE-2020-36422\",\r\n    \"CVE-2020-36423\",\r\n    \"CVE-2020-36424\",\r\n    \"CVE-2020-36426\",\r\n    \"CVE-2021-36647\",\r\n    \"CVE-2021-44732\",\r\n    \"CVE-2021-45450\",\r\n    \"CVE-2021-45451\",\r\n    \"CVE-2022-35409\",\r\n    \"CVE-2022-46392\",\r\n    \"CVE-2022-46393\",\r\n    \"CVE-2023-43615\",\r\n    \"CVE-2023-52353\",\r\n    \"CVE-2024-23170\",\r\n    \"CVE-2024-23775\",\r\n    \"CVE-2024-28755\",\r\n    \"CVE-2024-28960\",\r\n    \"CVE-2024-45157\",\r\n    \"CVE-2024-45158\",\r\n    \"CVE-2024-49195\",\r\n    \"CVE-2025-27809\",\r\n    \"CVE-2025-27810\",\r\n    \"CVE-2025-47917\",\r\n    \"CVE-2025-48965\",\r\n    \"CVE-2025-49087\",\r\n    \"CVE-2025-49601\",\r\n    \"CVE-2025-52496\",\r\n    \"CVE-2025-52497\",\r\n    \"CVE-2025-54764\",\r\n    \"CVE-2018-3693\"\r\n  ],\r\n     \"llm\": {\r\n        \"provider\": \"openrouter\",\r\n        \"baseUrl\": \"https://openrouter.ai/api/v1\",\r\n        \"model\": \"nex-agi/deepseek-v3.1-nex-n1:free\",\r\n        \"apiKey\": \"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\",\r\n        \"systemPrompt\": \"You are a Tier-3 cybersecurity vulnerability analyst specialized in rapid, structured CVE record analysis and actionable remediation guidance for enterprise environments. Your task is to analyze the provided CVE JSON and produce a single, valid JSON object as output.\\n\\nHard rules:\\n- Output MUST be ONLY one JSON object (no markdown, no commentary, no extra text).\\n- Every output field MUST be filled.\\n- Use ONLY evidence from the input data. If a specific detail is not available, write: \\\"Not available / Not specified in input data\\\".\\n- Do NOT invent CVSS values, affected versions, exploit claims, vendor statements, patch links, or dates.\\n- If the input contains multiple/conflicting values, choose the most authoritative (prefer CNA/vendor > NVD enrichment > third-party) and note the conflict in the dedicated field.\\n- Keep text concise but not superficial: aim for practical, enterprise-ready detail (roughly 250–900 words total across all text fields).\\n\\nInput you will receive:\\n1) CVE data (JSON): {{CVE_JSON}}\\n2) Optional environment & asset context (JSON): {{CONTEXT_JSON}}\\n\\nContext JSON (may be empty) can include, for example:\\n- organization_profile: sector, criticality, regulatory constraints\\n- deployment_model: cloud/on-prem, internet exposure, segmentation\\n- asset_inventory: product names, versions, OS, dependencies\\n- compensating_controls: WAF, EDR, IPS, hardening baselines\\n- patching_constraints: maintenance windows, change control requirements\\n\\nYour objectives:\\nA) Summarize what the vulnerability is and why it matters.\\nB) Determine exploitability likelihood and current exploitation signals based on input.\\nC) Provide triage category and recommended owning team.\\nD) Provide a deep assessment: security impact (C/I/A), technical prerequisites, blast radius, and business risk.\\nE) Provide enrichment: affected components, attack vectors, detection ideas, mitigations, patch strategy, verification steps, and references present in input.\\n\\nClassification guidance:\\n- exploit_status allowed values: \\\"In-the-Wild\\\", \\\"Public PoC\\\", \\\"High\\\", \\\"Medium\\\", \\\"Low\\\", \\\"None\\\", \\\"Not available / Not specified in input data\\\".\\n Use:\\n - \\\"In-the-Wild\\\" if input explicitly indicates active exploitation (e.g., CISA KEV, vendor advisory, NVD notes).\\n - \\\"Public PoC\\\" if input explicitly references a PoC exploit.\\n - Otherwise infer likelihood from CVSS metrics (AV/AC/PR/UI), vulnerability class, and exposure prerequisites.\\n- triage_category allowed values: \\\"Critical - Patch Immediately\\\", \\\"High - Urgent Verification\\\", \\\"Medium - Schedule Patch\\\", \\\"Low - Monitor\\\".\\n- triage_team allowed values: \\\"Incident Response\\\", \\\"Patching Operations\\\", \\\"Security Engineering\\\", \\\"Monitoring\\\".\\n- business_risk_rating: integer string \\\"1\\\" to \\\"5\\\" (5 = highest).\\n\\nOutput requirements:\\nReturn exactly one JSON object matching the schema below.\\n- Keep arrays as arrays.\\n- mitigation_action MUST contain exactly 3 steps, each step a full sentence starting with a strong verb.\\n- detection_and_hunting MUST contain 3–6 concrete ideas.\\n- affected_products MUST be a non-empty array; if unknown, include one item with \\\"Not available / Not specified in input data\\\".\\n- references MUST include only URLs present in the input. If no URLs exist in input, put an empty array.\\n\\nSchema to output:\\n{\\n \\\"cve_id\\\": \\\"\\\",\\n \\\"title\\\": \\\"\\\",\\n \\\"short_description\\\": \\\"\\\",\\n \\\"why_it_matters\\\": \\\"\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"\\\",\\n \\\"cvss_base_score\\\": \\\"\\\",\\n \\\"cvss_vector\\\": \\\"\\\",\\n \\\"severity_label\\\": \\\"\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"\\\"],\\n \\\"weakness_summary\\\": \\\"\\\",\\n \\\"attack_surface\\\": \\\"\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"\\\",\\n \\\"exploit_summary\\\": \\\"\\\",\\n \\\"evidence_signals\\\": [\\\"\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"\\\",\\n \\\"authentication_required\\\": \\\"\\\",\\n \\\"user_interaction_required\\\": \\\"\\\",\\n \\\"privileges_required\\\": \\\"\\\",\\n \\\"attack_complexity\\\": \\\"\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"\\\",\\n \\\"triage_team\\\": \\\"\\\",\\n \\\"triage_rationale\\\": \\\"\\\",\\n \\\"recommended_sla\\\": \\\"\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"\\\",\\n \\\"technical_impact_details\\\": \\\"\\\",\\n \\\"blast_radius\\\": \\\"\\\",\\n \\\"business_risk_rating\\\": \\\"\\\",\\n \\\"business_risk_justification\\\": \\\"\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"\\\"],\\n \\\"affected_versions\\\": \\\"\\\",\\n \\\"fixed_versions\\\": \\\"\\\",\\n \\\"configuration_dependencies\\\": \\\"\\\",\\n \\\"internet_exposure_relevance\\\": \\\"\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"\\\",\\n \\\"attacker_goal\\\": \\\"\\\",\\n \\\"steps_high_level\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n \\\"likely_targets\\\": \\\"\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"\\\",\\n \\\"mitigation_action\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n \\\"workarounds\\\": \\\"\\\",\\n \\\"patching_notes\\\": \\\"\\\",\\n \\\"verification_steps\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n \\\"rollback_considerations\\\": \\\"\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\\"\\\"],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"\\\",\\n \\\"public_exploit_references\\\": \\\"\\\",\\n \\\"epss\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"\\\"],\\n \\\"assumptions_made\\\": [\\\"\\\"],\\n \\\"confidence\\\": \\\"\\\"\\n },\\n\\n \\\"references\\\": [\\\"\\\"],\\n\\n \\\"generated_at\\\": \\\"\\\"\\n}\\n\\nAdditional instructions:\\n- Populate generated_at with the current ISO-8601 timestamp string if the runtime provides it; otherwise write \\\"Not available / Not specified in input data\\\".\\n- In severity_label use one of: \\\"CRITICAL\\\", \\\"HIGH\\\", \\\"MEDIUM\\\", \\\"LOW\\\", or \\\"Not available / Not specified in input data\\\".\\n- If CVSS is absent, keep cvss fields as \\\"Not available / Not specified in input data\\\" and base triage primarily on description, vulnerability class, and exposure prerequisites.\\n- For attack_scenarios, provide 2 scenarios whenever possible; if data is insufficient, provide 1 and state limitations.\\n- Keep triage_rationale and business_risk_justification practical and specific (avoid generic statements).\\n\",\r\n        \"temperature\": 0.1,\r\n        \"maxTokens\": 1500\r\n    }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/hbom-scanner/enrichment","urlObject":{"port":"2999","path":["hbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"e16a6e9d-1a0c-456b-ac16-9e2f55705119"}],"id":"ce1456e2-9912-4834-acfd-036f3500dab9","_postman_id":"ce1456e2-9912-4834-acfd-036f3500dab9","description":""},{"name":"hbom-scanner + ai","id":"c3527c9e-a0d8-4785-a891-dd6002fb22d5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{}\r\n//{\r\n//  \"hbomFile\": \"services/products-hbom-builder/simply-connect/output/xmbx4-bom.json\",\r\n//    \"outputJson\": \"services/products-hbom-vulnerability-scanner/report/hbom-scan-report.json\",\r\n//    \"outputHtml\": \"services/products-hbom-vulnerability-scanner/report/hbom-scan-report.html\",\r\n//  \"enrichment\": \"complete\",\r\n//  \"promptFormat\": \"json\",\r\n//  \"llm\": {\r\n//    \"provider\": \"openrouter\",\r\n//    \"baseUrl\": \"https://openrouter.ai/api/v1\",\r\n//    \"model\": \"nvidia/nemotron-nano-12b-v2-vl:free\",\r\n//    \"apiKey\": \"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\",\r\n//    \"temperature\": 0.1,\r\n//    \"maxTokens\": 500,\r\n//    \"systemPrompt\": \"You are a cybersecurity expert. Analyze this CVE and provide: 1) Detailed impact //assessment, 2) Exploitation difficulty (Easy/Medium/Hard), 3) Remediation recommendations, 4) //Real-world attack scenarios if known. Be concise and actionable.\"\r\n//  }\r\n//}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/hbom-scanner","urlObject":{"port":"2999","path":["hbom-scanner"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"c3527c9e-a0d8-4785-a891-dd6002fb22d5"}],"id":"c0488798-be1a-4acc-8f14-998fefb82470","_postman_id":"c0488798-be1a-4acc-8f14-998fefb82470","description":""},{"name":"Sbom","item":[{"name":"Parking","item":[{"name":"generate sbom","id":"6a039efb-59bc-42ca-9739-4f85b3a2b356","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/sbom/parking/import","urlObject":{"port":"2999","path":["sbom","parking","import"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"6a039efb-59bc-42ca-9739-4f85b3a2b356"}],"id":"35fc8ddc-26a7-4537-a5ea-fc7fdef8215e","_postman_id":"35fc8ddc-26a7-4537-a5ea-fc7fdef8215e","description":""},{"name":"Analysis","item":[{"name":"sbom-scanner","id":"cdce222c-598f-421d-83f0-2b80ac9902ef","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"[\r\n    {\r\n        \"name\": \"jbl\",\r\n        \"sbomFile\": \".//source-files//sbom//parking//jbl-sbom-enriched.json\",\r\n        \"outputJson\": \".//services//products-sbom-vulnerability-scanner//report//parking-jbl-scan-report.json\",\r\n        \"outputHtml\": \".//services//products-sbom-vulnerability-scanner//report//parking-jbl-scan-report.html\",\r\n        \"enrichment\": \"internal\",\r\n        \"promptFormat\": \"json\",\r\n        \"saveToDatabase\": true\r\n    },\r\n    {\r\n        \"name\": \"jms\",\r\n        \"sbomFile\": \".//source-files//sbom//parking//jms-sbom-enriched.json\",\r\n        \"outputJson\": \".//services//products-sbom-vulnerability-scanner//report//parking-jms-scan-report.json\",\r\n        \"outputHtml\": \".//services//products-sbom-vulnerability-scanner//report//parking-jms-scan-report.html\",\r\n        \"enrichment\": \"internal\",\r\n        \"promptFormat\": \"json\",\r\n        \"saveToDatabase\": true\r\n    }\r\n]","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/sbom-scanner","urlObject":{"port":"2999","path":["sbom-scanner"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"cdce222c-598f-421d-83f0-2b80ac9902ef"}],"id":"b1fb3ff4-44e0-4312-94e5-ec900d2458c1","_postman_id":"b1fb3ff4-44e0-4312-94e5-ec900d2458c1","description":""},{"name":"Enrichment","item":[{"name":"[default] Enrich-AzureAi by reportId","id":"0ae4fd35-a327-4de1-b86e-9d9bd74c4389","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"cveIds\": [\r\n\"CVE-2009-5005\",\r\n    \"CVE-2009-5006\",\r\n    \"CVE-2010-3083\",\r\n    \"CVE-2011-3620\",\r\n    \"CVE-2012-2145\",\r\n    \"CVE-2012-3467\",\r\n    \"CVE-2012-4446\",\r\n    \"CVE-2012-4458\",\r\n    \"CVE-2012-4459\",\r\n    \"CVE-2012-4460\",\r\n    \"CVE-2013-1909\",\r\n    \"CVE-2014-3577\",\r\n    \"CVE-2014-3629\",\r\n    \"CVE-2015-0203\",\r\n    \"CVE-2015-0223\",\r\n    \"CVE-2015-0224\",\r\n    \"CVE-2015-0226\",\r\n    \"CVE-2015-0227\",\r\n    \"CVE-2016-3720\",\r\n    \"CVE-2016-9879\",\r\n    \"CVE-2017-4995\",\r\n    \"CVE-2017-8046\",\r\n    \"CVE-2018-1196\",\r\n    \"CVE-2019-0223\",\r\n    \"CVE-2019-3795\",\r\n    \"CVE-2019-11272\",\r\n    \"CVE-2020-5408\",\r\n    \"CVE-2020-13936\",\r\n    \"CVE-2021-22112\",\r\n    \"CVE-2021-22119\",\r\n    \"CVE-2021-26987\",\r\n    \"CVE-2021-35517\",\r\n    \"CVE-2022-22976\",\r\n    \"CVE-2022-22978\",\r\n    \"CVE-2022-25169\",\r\n    \"CVE-2022-27772\",\r\n    \"CVE-2022-31690\",\r\n    \"CVE-2022-31692\",\r\n    \"CVE-2023-20862\",\r\n    \"CVE-2023-20873\",\r\n    \"CVE-2023-20883\",\r\n    \"CVE-2023-22602\",\r\n    \"CVE-2023-34034\",\r\n    \"CVE-2023-34035\",\r\n    \"CVE-2023-34042\",\r\n    \"CVE-2023-34055\",\r\n    \"CVE-2024-22234\",\r\n    \"CVE-2024-38810\"\r\n  ],\r\n  \"llm\": {\r\n    \"provider\": \"azure\",\r\n    \"azure\": {\r\n      \"model\": \"gpt-4.1\",\r\n      \"temperature\": 0.1,\r\n      \"maxTokens\": 7000,\r\n      \"systemPrompt\": \"You are a Tier-3 cybersecurity analyst providing structured CVE analysis for enterprise environments. Output MUST be a single valid JSON object—no markdown, commentary, or extra text.\\n\\nCore Rules:\\n- Output = ONE JSON object only\\n- All fields required. If data unavailable: \\\"Not available / Not specified in input data\\\"\\n- Use ONLY input data evidence. Never invent CVSS scores, versions, exploit claims, patch links, or dates\\n- For conflicts: prefer CNA/vendor > NVD > third-party. Note conflict in data_quality.conflicts_or_ambiguities\\n- Target 250-900 words total for enterprise-ready detail\\n\\nInput:\\n1) CVE_JSON: {{CVE_JSON}}\\n2) CONTEXT_JSON (optional): {{CONTEXT_JSON}}\\nContext may include: organization_profile, deployment_model, asset_inventory, compensating_controls, patching_constraints\\n\\nObjectives:\\nA) Summarize vulnerability and business impact\\nB) Assess exploitability from input signals\\nC) Provide triage (category, team, SLA)\\nD) Deep assessment: C/I/A impact, prerequisites, blast radius, business risk\\nE) Enrichment: affected components, attack vectors, detection, mitigations, patches, verification\\n\\nClassification Values:\\n- exploit_status: \\\"In-the-Wild\\\" | \\\"Public PoC\\\" | \\\"High\\\" | \\\"Medium\\\" | \\\"Low\\\" | \\\"None\\\" | \\\"Not available / Not specified in input data\\\"\\n  Use \\\"In-the-Wild\\\" if input shows active exploitation (CISA KEV, vendor advisory). \\\"Public PoC\\\" if PoC exists. Otherwise infer from CVSS (AV/AC/PR/UI), vulnerability class, exposure\\n- triage_category: \\\"Critical - Patch Immediately\\\" | \\\"High - Urgent Verification\\\" | \\\"Medium - Schedule Patch\\\" | \\\"Low - Monitor\\\"\\n- triage_team: \\\"Incident Response\\\" | \\\"Patching Operations\\\" | \\\"Security Engineering\\\" | \\\"Monitoring\\\"\\n- business_risk_rating: \\\"1\\\" to \\\"5\\\" (5=highest)\\n\\nOutput Schema:\\n{\\n  \\\"cve_id\\\": \\\"\\\",\\n  \\\"title\\\": \\\"\\\",\\n  \\\"short_description\\\": \\\"\\\",\\n  \\\"why_it_matters\\\": \\\"\\\",\\n  \\\"severity\\\": {\\n    \\\"cvss_version\\\": \\\"\\\",\\n    \\\"cvss_base_score\\\": \\\"\\\",\\n    \\\"cvss_vector\\\": \\\"\\\",\\n    \\\"severity_label\\\": \\\"\\\"\\n  },\\n  \\\"vulnerability_class\\\": {\\n    \\\"cwe_ids\\\": [\\\"\\\"],\\n    \\\"weakness_summary\\\": \\\"\\\",\\n    \\\"attack_surface\\\": \\\"\\\"\\n  },\\n  \\\"exploitability\\\": {\\n    \\\"exploit_status\\\": \\\"\\\",\\n    \\\"exploit_summary\\\": \\\"\\\",\\n    \\\"evidence_signals\\\": [\\\"\\\"],\\n    \\\"prerequisites\\\": {\\n      \\\"network_access_required\\\": \\\"\\\",\\n      \\\"authentication_required\\\": \\\"\\\",\\n      \\\"user_interaction_required\\\": \\\"\\\",\\n      \\\"privileges_required\\\": \\\"\\\",\\n      \\\"attack_complexity\\\": \\\"\\\"\\n    }\\n  },\\n  \\\"triage\\\": {\\n    \\\"triage_category\\\": \\\"\\\",\\n    \\\"triage_team\\\": \\\"\\\",\\n    \\\"triage_rationale\\\": \\\"\\\",\\n    \\\"recommended_sla\\\": \\\"\\\"\\n  },\\n  \\\"impact_assessment\\\": {\\n    \\\"assessment_impact\\\": \\\"\\\",\\n    \\\"technical_impact_details\\\": \\\"\\\",\\n    \\\"blast_radius\\\": \\\"\\\",\\n    \\\"business_risk_rating\\\": \\\"\\\",\\n    \\\"business_risk_justification\\\": \\\"\\\"\\n  },\\n  \\\"affected_scope\\\": {\\n    \\\"affected_products\\\": [\\\"\\\"],\\n    \\\"affected_versions\\\": \\\"\\\",\\n    \\\"fixed_versions\\\": \\\"\\\",\\n    \\\"configuration_dependencies\\\": \\\"\\\",\\n    \\\"internet_exposure_relevance\\\": \\\"\\\"\\n  },\\n  \\\"attack_scenarios\\\": [\\n    {\\n      \\\"scenario_name\\\": \\\"\\\",\\n      \\\"attacker_goal\\\": \\\"\\\",\\n      \\\"steps_high_level\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n      \\\"likely_targets\\\": \\\"\\\"\\n    }\\n  ],\\n  \\\"mitigation\\\": {\\n    \\\"mitigation_type\\\": \\\"\\\",\\n    \\\"mitigation_action\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n    \\\"workarounds\\\": \\\"\\\",\\n    \\\"patching_notes\\\": \\\"\\\",\\n    \\\"verification_steps\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n    \\\"rollback_considerations\\\": \\\"\\\"\\n  },\\n  \\\"detection_and_hunting\\\": [\\\"\\\"],\\n  \\\"prioritization_enrichment\\\": {\\n    \\\"known_exploitation\\\": \\\"\\\",\\n    \\\"public_exploit_references\\\": \\\"\\\",\\n    \\\"epss\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"supply_chain_relevance\\\": \\\"\\\"\\n  },\\n  \\\"data_quality\\\": {\\n    \\\"missing_key_fields\\\": [\\\"\\\"],\\n    \\\"conflicts_or_ambiguities\\\": [\\\"\\\"],\\n    \\\"assumptions_made\\\": [\\\"\\\"],\\n    \\\"confidence\\\": \\\"\\\"\\n  },\\n  \\\"references\\\": [\\\"\\\"],\\n  \\\"generated_at\\\": \\\"\\\"\\n}\\n\\nConstraints:\\n- mitigation_action: exactly 3 steps, full sentences, strong action verbs\\n- detection_and_hunting: 3-6 concrete ideas\\n- affected_products: non-empty array (use \\\"Not available / Not specified in input data\\\" if unknown)\\n- references: only URLs from input (empty array if none)\\n- severity_label: \\\"CRITICAL\\\" | \\\"HIGH\\\" | \\\"MEDIUM\\\" | \\\"LOW\\\" | \\\"Not available / Not specified in input data\\\"\\n- attack_scenarios: provide 2 when possible, minimum 1\\n- generated_at: ISO-8601 timestamp or \\\"Not available / Not specified in input data\\\"\\n- If CVSS missing: base triage on description, vulnerability class, exposure\\n- Keep triage_rationale and business_risk_justification specific and actionable\"\r\n    }\r\n  }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/sbom-scanner/enrichment","urlObject":{"port":"2999","path":["sbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"0ae4fd35-a327-4de1-b86e-9d9bd74c4389"},{"name":"Enrich-Internal by cves","id":"cafa8ef4-91cb-45e7-9e93-47777cba503b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"cveIds\": [\"CVE-2017-15095\"],\r\n  \"enrichment\": \"internal\" \r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/sbom-scanner/enrichment","urlObject":{"port":"2999","path":["sbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"cafa8ef4-91cb-45e7-9e93-47777cba503b"},{"name":"Enrich-AzureAi by cves","id":"aff85379-9000-4227-b801-8dea18b41738","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"cveIds\": [\"CVE-2017-15095\"],\r\n  \"llm\": {\r\n    \"provider\": \"azure\",\r\n    \"azure\": {\r\n        \"temperature\": 0.1,\r\n        \"maxTokens\": 2000,\r\n        \"systemPrompt\": \"You are a cybersecurity expert. Analyze this CVE and provide: 1) Detailed impact assessment, 2) Exploitation difficulty (Easy/Medium/Hard), 3) Remediation recommendations, 4) Real-world attack scenarios if known. Be concise and actionable.\",\r\n        \"model\": \"gpt-4o\"\r\n    }\r\n  }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/sbom-scanner/enrichment","urlObject":{"port":"2999","path":["sbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"aff85379-9000-4227-b801-8dea18b41738"},{"name":"ai enrichment: perplexity [prompt verboso]","id":"68e69196-00a6-4e26-a617-bd77cca34041","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"cveIds\": [\r\n    \"CVE-2022-1552\"\r\n  ],\r\n  \"llm\": {\r\n    \"provider\": \"perplexity\",\r\n    \"baseUrl\": \"https://api.perplexity.ai\",\r\n    \"model\": \"sonar-pro\",\r\n    \"apiKey\": \"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\",\r\n    \"systemPrompt\": \"You are a Tier-3 cybersecurity analyst providing structured CVE analysis for enterprise environments. Output MUST be a single valid JSON object—no markdown, commentary, or extra text.\\n\\nCore Rules:\\n- Output = ONE JSON object only\\n- All fields required. If data unavailable: \\\"Not available / Not specified in input data\\\"\\n- Use ONLY input data evidence. Never invent CVSS scores, versions, exploit claims, patch links, or dates\\n- For conflicts: prefer CNA/vendor > NVD > third-party. Note conflict in data_quality.conflicts_or_ambiguities\\n- Target 250-900 words total for enterprise-ready detail\\n\\nInput:\\n1) CVE_JSON: {{CVE_JSON}}\\n2) CONTEXT_JSON (optional): {{CONTEXT_JSON}}\\nContext may include: organization_profile, deployment_model, asset_inventory, compensating_controls, patching_constraints\\n\\nObjectives:\\nA) Summarize vulnerability and business impact\\nB) Assess exploitability from input signals\\nC) Provide triage (category, team, SLA)\\nD) Deep assessment: C/I/A impact, prerequisites, blast radius, business risk\\nE) Enrichment: affected components, attack vectors, detection, mitigations, patches, verification\\n\\nClassification Values:\\n- exploit_status: \\\"In-the-Wild\\\" | \\\"Public PoC\\\" | \\\"High\\\" | \\\"Medium\\\" | \\\"Low\\\" | \\\"None\\\" | \\\"Not available / Not specified in input data\\\"\\n  Use \\\"In-the-Wild\\\" if input shows active exploitation (CISA KEV, vendor advisory). \\\"Public PoC\\\" if PoC exists. Otherwise infer from CVSS (AV/AC/PR/UI), vulnerability class, exposure\\n- triage_category: \\\"Critical - Patch Immediately\\\" | \\\"High - Urgent Verification\\\" | \\\"Medium - Schedule Patch\\\" | \\\"Low - Monitor\\\"\\n- triage_team: \\\"Incident Response\\\" | \\\"Patching Operations\\\" | \\\"Security Engineering\\\" | \\\"Monitoring\\\"\\n- business_risk_rating: \\\"1\\\" to \\\"5\\\" (5=highest)\\n\\nOutput Schema:\\n{\\n  \\\"cve_id\\\": \\\"\\\",\\n  \\\"title\\\": \\\"\\\",\\n  \\\"short_description\\\": \\\"\\\",\\n  \\\"why_it_matters\\\": \\\"\\\",\\n  \\\"severity\\\": {\\n    \\\"cvss_version\\\": \\\"\\\",\\n    \\\"cvss_base_score\\\": \\\"\\\",\\n    \\\"cvss_vector\\\": \\\"\\\",\\n    \\\"severity_label\\\": \\\"\\\"\\n  },\\n  \\\"vulnerability_class\\\": {\\n    \\\"cwe_ids\\\": [\\\"\\\"],\\n    \\\"weakness_summary\\\": \\\"\\\",\\n    \\\"attack_surface\\\": \\\"\\\"\\n  },\\n  \\\"exploitability\\\": {\\n    \\\"exploit_status\\\": \\\"\\\",\\n    \\\"exploit_summary\\\": \\\"\\\",\\n    \\\"evidence_signals\\\": [\\\"\\\"],\\n    \\\"prerequisites\\\": {\\n      \\\"network_access_required\\\": \\\"\\\",\\n      \\\"authentication_required\\\": \\\"\\\",\\n      \\\"user_interaction_required\\\": \\\"\\\",\\n      \\\"privileges_required\\\": \\\"\\\",\\n      \\\"attack_complexity\\\": \\\"\\\"\\n    }\\n  },\\n  \\\"triage\\\": {\\n    \\\"triage_category\\\": \\\"\\\",\\n    \\\"triage_team\\\": \\\"\\\",\\n    \\\"triage_rationale\\\": \\\"\\\",\\n    \\\"recommended_sla\\\": \\\"\\\"\\n  },\\n  \\\"impact_assessment\\\": {\\n    \\\"assessment_impact\\\": \\\"\\\",\\n    \\\"technical_impact_details\\\": \\\"\\\",\\n    \\\"blast_radius\\\": \\\"\\\",\\n    \\\"business_risk_rating\\\": \\\"\\\",\\n    \\\"business_risk_justification\\\": \\\"\\\"\\n  },\\n  \\\"affected_scope\\\": {\\n    \\\"affected_products\\\": [\\\"\\\"],\\n    \\\"affected_versions\\\": \\\"\\\",\\n    \\\"fixed_versions\\\": \\\"\\\",\\n    \\\"configuration_dependencies\\\": \\\"\\\",\\n    \\\"internet_exposure_relevance\\\": \\\"\\\"\\n  },\\n  \\\"attack_scenarios\\\": [\\n    {\\n      \\\"scenario_name\\\": \\\"\\\",\\n      \\\"attacker_goal\\\": \\\"\\\",\\n      \\\"steps_high_level\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n      \\\"likely_targets\\\": \\\"\\\"\\n    }\\n  ],\\n  \\\"mitigation\\\": {\\n    \\\"mitigation_type\\\": \\\"\\\",\\n    \\\"mitigation_action\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n    \\\"workarounds\\\": \\\"\\\",\\n    \\\"patching_notes\\\": \\\"\\\",\\n    \\\"verification_steps\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n    \\\"rollback_considerations\\\": \\\"\\\"\\n  },\\n  \\\"detection_and_hunting\\\": [\\\"\\\"],\\n  \\\"prioritization_enrichment\\\": {\\n    \\\"known_exploitation\\\": \\\"\\\",\\n    \\\"public_exploit_references\\\": \\\"\\\",\\n    \\\"epss\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"supply_chain_relevance\\\": \\\"\\\"\\n  },\\n  \\\"data_quality\\\": {\\n    \\\"missing_key_fields\\\": [\\\"\\\"],\\n    \\\"conflicts_or_ambiguities\\\": [\\\"\\\"],\\n    \\\"assumptions_made\\\": [\\\"\\\"],\\n    \\\"confidence\\\": \\\"\\\"\\n  },\\n  \\\"references\\\": [\\\"\\\"],\\n  \\\"generated_at\\\": \\\"\\\"\\n}\\n\\nConstraints:\\n- mitigation_action: exactly 3 steps, full sentences, strong action verbs\\n- detection_and_hunting: 3-6 concrete ideas\\n- affected_products: non-empty array (use \\\"Not available / Not specified in input data\\\" if unknown)\\n- references: only URLs from input (empty array if none)\\n- severity_label: \\\"CRITICAL\\\" | \\\"HIGH\\\" | \\\"MEDIUM\\\" | \\\"LOW\\\" | \\\"Not available / Not specified in input data\\\"\\n- attack_scenarios: provide 2 when possible, minimum 1\\n- generated_at: ISO-8601 timestamp or \\\"Not available / Not specified in input data\\\"\\n- If CVSS missing: base triage on description, vulnerability class, exposure\\n- Keep triage_rationale and business_risk_justification specific and actionable\",\r\n    \"temperature\": 0.1,\r\n    \"maxTokens\": 7000\r\n  }\r\n}\r\n","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/sbom-scanner/enrichment","urlObject":{"port":"2999","path":["sbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"68e69196-00a6-4e26-a617-bd77cca34041"},{"name":"ai enrichment: openrouter [prompt verboso","id":"f8d31f23-33a3-48b4-baf2-81ae67a18b3e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"cveIds\": [\r\n    \"CVE-2022-1552\"\r\n  ],\r\n     \"llm\": {\r\n        \"provider\": \"openrouter\",\r\n        \"baseUrl\": \"https://openrouter.ai/api/v1\",\r\n        \"model\": \"nvidia/nemotron-3-nano-30b-a3b:free\",\r\n        \"apiKey\": \"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\",\r\n        \"systemPrompt\": \"You are a Tier-3 cybersecurity analyst providing structured CVE analysis for enterprise environments. Output MUST be a single valid JSON object—no markdown, commentary, or extra text.\\n\\nCore Rules:\\n- Output = ONE JSON object only\\n- All fields required. If data unavailable: \\\"Not available / Not specified in input data\\\"\\n- Use ONLY input data evidence. Never invent CVSS scores, versions, exploit claims, patch links, or dates\\n- For conflicts: prefer CNA/vendor > NVD > third-party. Note conflict in data_quality.conflicts_or_ambiguities\\n- Target 250-900 words total for enterprise-ready detail\\n\\nInput:\\n1) CVE_JSON: {{CVE_JSON}}\\n2) CONTEXT_JSON (optional): {{CONTEXT_JSON}}\\nContext may include: organization_profile, deployment_model, asset_inventory, compensating_controls, patching_constraints\\n\\nObjectives:\\nA) Summarize vulnerability and business impact\\nB) Assess exploitability from input signals\\nC) Provide triage (category, team, SLA)\\nD) Deep assessment: C/I/A impact, prerequisites, blast radius, business risk\\nE) Enrichment: affected components, attack vectors, detection, mitigations, patches, verification\\n\\nClassification Values:\\n- exploit_status: \\\"In-the-Wild\\\" | \\\"Public PoC\\\" | \\\"High\\\" | \\\"Medium\\\" | \\\"Low\\\" | \\\"None\\\" | \\\"Not available / Not specified in input data\\\"\\n  Use \\\"In-the-Wild\\\" if input shows active exploitation (CISA KEV, vendor advisory). \\\"Public PoC\\\" if PoC exists. Otherwise infer from CVSS (AV/AC/PR/UI), vulnerability class, exposure\\n- triage_category: \\\"Critical - Patch Immediately\\\" | \\\"High - Urgent Verification\\\" | \\\"Medium - Schedule Patch\\\" | \\\"Low - Monitor\\\"\\n- triage_team: \\\"Incident Response\\\" | \\\"Patching Operations\\\" | \\\"Security Engineering\\\" | \\\"Monitoring\\\"\\n- business_risk_rating: \\\"1\\\" to \\\"5\\\" (5=highest)\\n\\nOutput Schema:\\n{\\n  \\\"cve_id\\\": \\\"\\\",\\n  \\\"title\\\": \\\"\\\",\\n  \\\"short_description\\\": \\\"\\\",\\n  \\\"why_it_matters\\\": \\\"\\\",\\n  \\\"severity\\\": {\\n    \\\"cvss_version\\\": \\\"\\\",\\n    \\\"cvss_base_score\\\": \\\"\\\",\\n    \\\"cvss_vector\\\": \\\"\\\",\\n    \\\"severity_label\\\": \\\"\\\"\\n  },\\n  \\\"vulnerability_class\\\": {\\n    \\\"cwe_ids\\\": [\\\"\\\"],\\n    \\\"weakness_summary\\\": \\\"\\\",\\n    \\\"attack_surface\\\": \\\"\\\"\\n  },\\n  \\\"exploitability\\\": {\\n    \\\"exploit_status\\\": \\\"\\\",\\n    \\\"exploit_summary\\\": \\\"\\\",\\n    \\\"evidence_signals\\\": [\\\"\\\"],\\n    \\\"prerequisites\\\": {\\n      \\\"network_access_required\\\": \\\"\\\",\\n      \\\"authentication_required\\\": \\\"\\\",\\n      \\\"user_interaction_required\\\": \\\"\\\",\\n      \\\"privileges_required\\\": \\\"\\\",\\n      \\\"attack_complexity\\\": \\\"\\\"\\n    }\\n  },\\n  \\\"triage\\\": {\\n    \\\"triage_category\\\": \\\"\\\",\\n    \\\"triage_team\\\": \\\"\\\",\\n    \\\"triage_rationale\\\": \\\"\\\",\\n    \\\"recommended_sla\\\": \\\"\\\"\\n  },\\n  \\\"impact_assessment\\\": {\\n    \\\"assessment_impact\\\": \\\"\\\",\\n    \\\"technical_impact_details\\\": \\\"\\\",\\n    \\\"blast_radius\\\": \\\"\\\",\\n    \\\"business_risk_rating\\\": \\\"\\\",\\n    \\\"business_risk_justification\\\": \\\"\\\"\\n  },\\n  \\\"affected_scope\\\": {\\n    \\\"affected_products\\\": [\\\"\\\"],\\n    \\\"affected_versions\\\": \\\"\\\",\\n    \\\"fixed_versions\\\": \\\"\\\",\\n    \\\"configuration_dependencies\\\": \\\"\\\",\\n    \\\"internet_exposure_relevance\\\": \\\"\\\"\\n  },\\n  \\\"attack_scenarios\\\": [\\n    {\\n      \\\"scenario_name\\\": \\\"\\\",\\n      \\\"attacker_goal\\\": \\\"\\\",\\n      \\\"steps_high_level\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n      \\\"likely_targets\\\": \\\"\\\"\\n    }\\n  ],\\n  \\\"mitigation\\\": {\\n    \\\"mitigation_type\\\": \\\"\\\",\\n    \\\"mitigation_action\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n    \\\"workarounds\\\": \\\"\\\",\\n    \\\"patching_notes\\\": \\\"\\\",\\n    \\\"verification_steps\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n    \\\"rollback_considerations\\\": \\\"\\\"\\n  },\\n  \\\"detection_and_hunting\\\": [\\\"\\\"],\\n  \\\"prioritization_enrichment\\\": {\\n    \\\"known_exploitation\\\": \\\"\\\",\\n    \\\"public_exploit_references\\\": \\\"\\\",\\n    \\\"epss\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n    \\\"supply_chain_relevance\\\": \\\"\\\"\\n  },\\n  \\\"data_quality\\\": {\\n    \\\"missing_key_fields\\\": [\\\"\\\"],\\n    \\\"conflicts_or_ambiguities\\\": [\\\"\\\"],\\n    \\\"assumptions_made\\\": [\\\"\\\"],\\n    \\\"confidence\\\": \\\"\\\"\\n  },\\n  \\\"references\\\": [\\\"\\\"],\\n  \\\"generated_at\\\": \\\"\\\"\\n}\\n\\nConstraints:\\n- mitigation_action: exactly 3 steps, full sentences, strong action verbs\\n- detection_and_hunting: 3-6 concrete ideas\\n- affected_products: non-empty array (use \\\"Not available / Not specified in input data\\\" if unknown)\\n- references: only URLs from input (empty array if none)\\n- severity_label: \\\"CRITICAL\\\" | \\\"HIGH\\\" | \\\"MEDIUM\\\" | \\\"LOW\\\" | \\\"Not available / Not specified in input data\\\"\\n- attack_scenarios: provide 2 when possible, minimum 1\\n- generated_at: ISO-8601 timestamp or \\\"Not available / Not specified in input data\\\"\\n- If CVSS missing: base triage on description, vulnerability class, exposure\\n- Keep triage_rationale and business_risk_justification specific and actionable\",\r\n    \"temperature\": 0.1,\r\n    \"maxTokens\": 7000\r\n  }\r\n}\r\n","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/sbom-scanner/enrichment","urlObject":{"port":"2999","path":["sbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"f8d31f23-33a3-48b4-baf2-81ae67a18b3e"},{"name":"ai enrichment: custom provider [prompt ridotto]","id":"3348e100-12f6-4de4-a7c4-3c993d1d95d2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"cveIds\": [\r\n    \"CVE-2017-15095\"\r\n  ],\r\n  \"llm\": {\r\n    \"provider\": \"perplexity\",\r\n    \"baseUrl\": \"https://api.perplexity.ai\",\r\n    \"model\": \"sonar-reasoning-pro\",\r\n    \"apiKey\": \"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\",\r\n    \"systemPrompt\": \"<role>Tier-3 CyberSec Analyst | Specialist: CVE Analysis & Enterprise Remediation</role>\\n\\n<task>\\nAnalyze {{CVE_JSON}} and {{CONTEXT_JSON}} to produce one VALID JSON.\\n- Min word count: 250 | Max: 900 total.\\n- Evidence only. If missing: \\\"Not available / Not specified in input data\\\".\\n- Authority: Vendor/CNA > NVD > 3rd-party.\\n</task>\\n\\n<constraints>\\n! OUTPUT ONLY RAW JSON. NO MARKDOWN. NO CHATTER.\\n! MANDATORY: Every field must be filled.\\n! STRICT: Do not hallucinate scores, dates, or links.\\n</constraints>\\n\\n<schema_logic>\\n{\\n \\\"cve_id\\\": \\\"string\\\",\\n \\\"title\\\": \\\"string\\\",\\n \\\"short_description\\\": \\\"summary\\\",\\n \\\"why_it_matters\\\": \\\"business_impact\\\",\\n \\\"severity\\\": { \\\"cvss_version\\\": \\\"v\\\", \\\"cvss_base_score\\\": \\\"n\\\", \\\"cvss_vector\\\": \\\"v\\\", \\\"severity_label\\\": \\\"[CRITICAL|HIGH|MEDIUM|LOW]\\\" },\\n \\\"vulnerability_class\\\": { \\\"cwe_ids\\\": [], \\\"weakness_summary\\\": \\\"tech_root_cause\\\", \\\"attack_surface\\\": \\\"vector\\\" },\\n \\\"exploitability\\\": {\\n  \\\"exploit_status\\\": \\\"[In-the-Wild|Public PoC|High|Medium|Low|None]\\\",\\n  \\\"exploit_summary\\\": \\\"status_details\\\",\\n  \\\"evidence_signals\\\": [\\\"sources\\\"],\\n  \\\"prerequisites\\\": { \\\"network_access_required\\\": \\\"Y/N\\\", \\\"authentication_required\\\": \\\"Y/N\\\", \\\"user_interaction_required\\\": \\\"Y/N\\\", \\\"privileges_required\\\": \\\"Y/N\\\", \\\"attack_complexity\\\": \\\"H/L\\\" }\\n },\\n \\\"triage\\\": {\\n  \\\"triage_category\\\": \\\"[Critical - Patch Immediately|High - Urgent Verification|Medium - Schedule Patch|Low - Monitor]\\\",\\n  \\\"triage_team\\\": \\\"[Incident Response|Patching Operations|Security Engineering|Monitoring]\\\",\\n  \\\"triage_rationale\\\": \\\"logic\\\",\\n  \\\"recommended_sla\\\": \\\"deadline\\\"\\n },\\n \\\"impact_assessment\\\": { \\\"assessment_impact\\\": \\\"CIA\\\", \\\"technical_impact_details\\\": \\\"details\\\", \\\"blast_radius\\\": \\\"lateral_potential\\\", \\\"business_risk_rating\\\": \\\"[1-5]\\\", \\\"business_risk_justification\\\": \\\"reason\\\" },\\n \\\"affected_scope\\\": { \\\"affected_products\\\": [], \\\"affected_versions\\\": \\\"range\\\", \\\"fixed_versions\\\": \\\"fix\\\", \\\"configuration_dependencies\\\": \\\"settings\\\", \\\"internet_exposure_relevance\\\": \\\"risk_delta\\\" },\\n \\\"attack_scenarios\\\": [ { \\\"scenario_name\\\": \\\"name\\\", \\\"attacker_goal\\\": \\\"goal\\\", \\\"steps_high_level\\\": [\\\"step1\\\", \\\"step2\\\", \\\"step3\\\"], \\\"likely_targets\\\": \\\"targets\\\" } ],\\n \\\"mitigation\\\": {\\n  \\\"mitigation_type\\\": \\\"type\\\",\\n  \\\"mitigation_action\\\": [\\\"3 steps starting with strong verbs\\\"],\\n  \\\"workarounds\\\": \\\"alternatives\\\",\\n  \\\"patching_notes\\\": \\\"nuances\\\",\\n  \\\"verification_steps\\\": [\\\"3 steps\\\"],\\n  \\\"rollback_considerations\\\": \\\"risks\\\"\\n },\\n \\\"detection_and_hunting\\\": [\\\"3-6 ideas\\\"],\\n \\\"prioritization_enrichment\\\": { \\\"known_exploitation\\\": \\\"info\\\", \\\"public_exploit_references\\\": [\\\"urls\\\"], \\\"epss\\\": \\\"val\\\", \\\"cisa_kev\\\": \\\"Y/N\\\", \\\"ransomware_association\\\": \\\"groups\\\", \\\"supply_chain_relevance\\\": \\\"impact\\\" },\\n \\\"data_quality\\\": { \\\"missing_key_fields\\\": [], \\\"conflicts_or_ambiguities\\\": [], \\\"assumptions_made\\\": [], \\\"confidence\\\": \\\"[High|Medium|Low]\\\" },\\n \\\"references\\\": [\\\"URLs_from_input_only\\\"],\\n \\\"generated_at\\\": \\\"ISO-8601\\\"\\n}\\n</schema_logic>\",\r\n    \"temperature\": 0.1,\r\n    \"maxTokens\": 1500\r\n  }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/sbom-scanner/enrichment","urlObject":{"port":"2999","path":["sbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"3348e100-12f6-4de4-a7c4-3c993d1d95d2"},{"name":"test ai enrichment: by reportId","id":"5afb2abc-5961-476e-afbb-d7d5883f6b9e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"reportId\": 7,\r\n  \"llm\": {\r\n        \"provider\": \"openrouter\",\r\n        \"baseUrl\": \"https://openrouter.ai/api/v1\",\r\n        \"model\": \"xiaomi/mimo-v2-flash:free\",\r\n        \"apiKey\": \"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\",\r\n        \"systemPrompt\": \"You are a Tier-3 cybersecurity vulnerability analyst specialized in rapid, structured CVE record analysis and actionable remediation guidance for enterprise environments. Your task is to analyze the provided CVE JSON and produce a single, valid JSON object as output.\\n\\nHard rules:\\n- Output MUST be ONLY one JSON object (no markdown, no commentary, no extra text).\\n- Every output field MUST be filled.\\n- Use ONLY evidence from the input data. If a specific detail is not available, write: \\\"Not available / Not specified in input data\\\".\\n- Do NOT invent CVSS values, affected versions, exploit claims, vendor statements, patch links, or dates.\\n- If the input contains multiple/conflicting values, choose the most authoritative (prefer CNA/vendor > NVD enrichment > third-party) and note the conflict in the dedicated field.\\n- Keep text concise but not superficial: aim for practical, enterprise-ready detail (roughly 250–900 words total across all text fields).\\n\\nInput you will receive:\\n1) CVE data (JSON): {{CVE_JSON}}\\n2) Optional environment & asset context (JSON): {{CONTEXT_JSON}}\\n\\nContext JSON (may be empty) can include, for example:\\n- organization_profile: sector, criticality, regulatory constraints\\n- deployment_model: cloud/on-prem, internet exposure, segmentation\\n- asset_inventory: product names, versions, OS, dependencies\\n- compensating_controls: WAF, EDR, IPS, hardening baselines\\n- patching_constraints: maintenance windows, change control requirements\\n\\nYour objectives:\\nA) Summarize what the vulnerability is and why it matters.\\nB) Determine exploitability likelihood and current exploitation signals based on input.\\nC) Provide triage category and recommended owning team.\\nD) Provide a deep assessment: security impact (C/I/A), technical prerequisites, blast radius, and business risk.\\nE) Provide enrichment: affected components, attack vectors, detection ideas, mitigations, patch strategy, verification steps, and references present in input.\\n\\nClassification guidance:\\n- exploit_status allowed values: \\\"In-the-Wild\\\", \\\"Public PoC\\\", \\\"High\\\", \\\"Medium\\\", \\\"Low\\\", \\\"None\\\", \\\"Not available / Not specified in input data\\\".\\n Use:\\n - \\\"In-the-Wild\\\" if input explicitly indicates active exploitation (e.g., CISA KEV, vendor advisory, NVD notes).\\n - \\\"Public PoC\\\" if input explicitly references a PoC exploit.\\n - Otherwise infer likelihood from CVSS metrics (AV/AC/PR/UI), vulnerability class, and exposure prerequisites.\\n- triage_category allowed values: \\\"Critical - Patch Immediately\\\", \\\"High - Urgent Verification\\\", \\\"Medium - Schedule Patch\\\", \\\"Low - Monitor\\\".\\n- triage_team allowed values: \\\"Incident Response\\\", \\\"Patching Operations\\\", \\\"Security Engineering\\\", \\\"Monitoring\\\".\\n- business_risk_rating: integer string \\\"1\\\" to \\\"5\\\" (5 = highest).\\n\\nOutput requirements:\\nReturn exactly one JSON object matching the schema below.\\n- Keep arrays as arrays.\\n- mitigation_action MUST contain exactly 3 steps, each step a full sentence starting with a strong verb.\\n- detection_and_hunting MUST contain 3–6 concrete ideas.\\n- affected_products MUST be a non-empty array; if unknown, include one item with \\\"Not available / Not specified in input data\\\".\\n- references MUST include only URLs present in the input. If no URLs exist in input, put an empty array.\\n\\nSchema to output:\\n{\\n \\\"cve_id\\\": \\\"\\\",\\n \\\"title\\\": \\\"\\\",\\n \\\"short_description\\\": \\\"\\\",\\n \\\"why_it_matters\\\": \\\"\\\",\\n\\n \\\"severity\\\": {\\n \\\"cvss_version\\\": \\\"\\\",\\n \\\"cvss_base_score\\\": \\\"\\\",\\n \\\"cvss_vector\\\": \\\"\\\",\\n \\\"severity_label\\\": \\\"\\\"\\n },\\n\\n \\\"vulnerability_class\\\": {\\n \\\"cwe_ids\\\": [\\\"\\\"],\\n \\\"weakness_summary\\\": \\\"\\\",\\n \\\"attack_surface\\\": \\\"\\\"\\n },\\n\\n \\\"exploitability\\\": {\\n \\\"exploit_status\\\": \\\"\\\",\\n \\\"exploit_summary\\\": \\\"\\\",\\n \\\"evidence_signals\\\": [\\\"\\\"],\\n \\\"prerequisites\\\": {\\n \\\"network_access_required\\\": \\\"\\\",\\n \\\"authentication_required\\\": \\\"\\\",\\n \\\"user_interaction_required\\\": \\\"\\\",\\n \\\"privileges_required\\\": \\\"\\\",\\n \\\"attack_complexity\\\": \\\"\\\"\\n }\\n },\\n\\n \\\"triage\\\": {\\n \\\"triage_category\\\": \\\"\\\",\\n \\\"triage_team\\\": \\\"\\\",\\n \\\"triage_rationale\\\": \\\"\\\",\\n \\\"recommended_sla\\\": \\\"\\\"\\n },\\n\\n \\\"impact_assessment\\\": {\\n \\\"assessment_impact\\\": \\\"\\\",\\n \\\"technical_impact_details\\\": \\\"\\\",\\n \\\"blast_radius\\\": \\\"\\\",\\n \\\"business_risk_rating\\\": \\\"\\\",\\n \\\"business_risk_justification\\\": \\\"\\\"\\n },\\n\\n \\\"affected_scope\\\": {\\n \\\"affected_products\\\": [\\\"\\\"],\\n \\\"affected_versions\\\": \\\"\\\",\\n \\\"fixed_versions\\\": \\\"\\\",\\n \\\"configuration_dependencies\\\": \\\"\\\",\\n \\\"internet_exposure_relevance\\\": \\\"\\\"\\n },\\n\\n \\\"attack_scenarios\\\": [\\n {\\n \\\"scenario_name\\\": \\\"\\\",\\n \\\"attacker_goal\\\": \\\"\\\",\\n \\\"steps_high_level\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n \\\"likely_targets\\\": \\\"\\\"\\n }\\n ],\\n\\n \\\"mitigation\\\": {\\n \\\"mitigation_type\\\": \\\"\\\",\\n \\\"mitigation_action\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n \\\"workarounds\\\": \\\"\\\",\\n \\\"patching_notes\\\": \\\"\\\",\\n \\\"verification_steps\\\": [\\\"\\\", \\\"\\\", \\\"\\\"],\\n \\\"rollback_considerations\\\": \\\"\\\"\\n },\\n\\n \\\"detection_and_hunting\\\": [\\\"\\\"],\\n\\n \\\"prioritization_enrichment\\\": {\\n \\\"known_exploitation\\\": \\\"\\\",\\n \\\"public_exploit_references\\\": \\\"\\\",\\n \\\"epss\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"cisa_kev\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"ransomware_association\\\": \\\"Not available / Not specified in input data\\\",\\n \\\"supply_chain_relevance\\\": \\\"\\\"\\n },\\n\\n \\\"data_quality\\\": {\\n \\\"missing_key_fields\\\": [\\\"\\\"],\\n \\\"conflicts_or_ambiguities\\\": [\\\"\\\"],\\n \\\"assumptions_made\\\": [\\\"\\\"],\\n \\\"confidence\\\": \\\"\\\"\\n },\\n\\n \\\"references\\\": [\\\"\\\"],\\n\\n \\\"generated_at\\\": \\\"\\\"\\n}\\n\\nAdditional instructions:\\n- Populate generated_at with the current ISO-8601 timestamp string if the runtime provides it; otherwise write \\\"Not available / Not specified in input data\\\".\\n- In severity_label use one of: \\\"CRITICAL\\\", \\\"HIGH\\\", \\\"MEDIUM\\\", \\\"LOW\\\", or \\\"Not available / Not specified in input data\\\".\\n- If CVSS is absent, keep cvss fields as \\\"Not available / Not specified in input data\\\" and base triage primarily on description, vulnerability class, and exposure prerequisites.\\n- For attack_scenarios, provide 2 scenarios whenever possible; if data is insufficient, provide 1 and state limitations.\\n- Keep triage_rationale and business_risk_justification practical and specific (avoid generic statements).\\n\",\r\n        \"temperature\": 0.1,\r\n        \"maxTokens\": 1500\r\n    }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/sbom-scanner/enrichment","urlObject":{"port":"2999","path":["sbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"5afb2abc-5961-476e-afbb-d7d5883f6b9e"},{"name":"test ai enrichment: by cves","id":"03c94bfa-985e-4e18-bb1f-bbcdb564a473","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"cveIds\": [\"CVE-2018-18558\", \"CVE-2019-12586\"]\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:2999/sbom-scanner/enrichment","urlObject":{"port":"2999","path":["sbom-scanner","enrichment"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"03c94bfa-985e-4e18-bb1f-bbcdb564a473"}],"id":"e5731188-4d4d-4539-8694-a73f476f55e0","_postman_id":"e5731188-4d4d-4539-8694-a73f476f55e0","description":""}],"id":"743d68de-6461-403a-84b0-002504a2f94e","_postman_id":"743d68de-6461-403a-84b0-002504a2f94e","description":""},{"name":"Sbom General","item":[{"name":"Generazione & Analisi","item":[{"name":"Import SBOM (tutti i file)","id":"fd87d6f5-62de-4104-a689-0aa6d7d1b981","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"clearBefore\": false\n}","options":{"raw":{"language":"json"}}},"url":"{{base_url}}/sbom/generic/import","description":"<p>Scansiona source-files/sbom/ per tutti i file *-sbom.json e importa i componenti nella tabella generic_sbom. Il nome del progetto viene estratto dal filename.</p>\n","urlObject":{"path":["sbom","generic","import"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"fd87d6f5-62de-4104-a689-0aa6d7d1b981"},{"name":"Import SBOM (singolo file)","id":"0718ab9c-995c-4af7-8e92-44ce6484c2f4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"filePath\": \"source-files/sbom/demo-sbom.json\",\n    \"clearBefore\": true\n}","options":{"raw":{"language":"json"}}},"url":"{{base_url}}/sbom/generic/import","description":"<p>Importa un singolo file SBOM specificandone il path. clearBefore=true pulisce i dati esistenti per quel progetto prima dell'import.</p>\n","urlObject":{"path":["sbom","generic","import"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"0718ab9c-995c-4af7-8e92-44ce6484c2f4"},{"name":"Scanner - Scansiona tutti i file","id":"2d1d3687-db3e-402d-a49b-9721001862a3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"scanAll\": true,\n    \"enrichment\": \"internal\",\n    \"saveToDatabase\": true\n}","options":{"raw":{"language":"json"}}},"url":"{{base_url}}/sbom-generic-scanner","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"path":["sbom-generic-scanner"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"2d1d3687-db3e-402d-a49b-9721001862a3"},{"name":"Scanner - Scansiona singolo file","id":"f4945311-95fa-4d4e-ad5f-aa5bc4f5bd04","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"sbomFile\": \"source-files/sbom/demo-sbom.json\",\n    \"enrichment\": \"internal\",\n    \"saveToDatabase\": true\n}","options":{"raw":{"language":"json"}}},"url":"{{base_url}}/sbom-generic-scanner","description":"<p>Scansiona un singolo file SBOM per CVE. Il nome del progetto viene estratto dal filename. I report vengono generati automaticamente nella directory report/.</p>\n","urlObject":{"path":["sbom-generic-scanner"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"f4945311-95fa-4d4e-ad5f-aa5bc4f5bd04"},{"name":"Scanner (parallel) - Scansiona singolo file","id":"5e38b982-b1e3-498f-96ba-53fc77329a4b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"sbomFile\": \"source-files/sbom/enriched/demo-sbom.json\",\n  \"enrichment\": \"internal\",\n  \"saveToDatabase\": true,\n  \"concurrency\": 20\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:{{sl-port}}/sbom/generic/parallel-scan","description":"<p>Scansiona un singolo file SBOM per CVE. Il nome del progetto viene estratto dal filename. I report vengono generati automaticamente nella directory report/.</p>\n","urlObject":{"port":"{{sl-port}}","path":["sbom","generic","parallel-scan"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"5e38b982-b1e3-498f-96ba-53fc77329a4b"},{"name":"Scanner - Scansione multipla (batch)","id":"11d286bf-1130-4ff9-a232-6c871138095f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"[\n    {\n        \"sbomFile\": \"source-files/sbom/demo-sbom.json\",\n        \"enrichment\": \"internal\",\n        \"saveToDatabase\": true\n    },\n    {\n        \"sbomFile\": \"source-files/sbom/jworld-sbom.json\",\n        \"enrichment\": \"internal\",\n        \"saveToDatabase\": true\n    }\n]","options":{"raw":{"language":"json"}}},"url":"{{base_url}}/sbom-generic-scanner","description":"<p>Esegue la scansione di più file SBOM in sequenza passando un array di configurazioni. Ogni elemento specifica il file e le opzioni di scansione.</p>\n","urlObject":{"path":["sbom-generic-scanner"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"11d286bf-1130-4ff9-a232-6c871138095f"},{"name":"Enrichment - Interno (EPSS/CISA/EUVD) per Report","id":"39abd5d2-075a-4935-b50e-b0f36ad69863","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"reportId\": 1,\n    \"enrichment\": \"internal\"\n}","options":{"raw":{"language":"json"}}},"url":"{{base_url}}/sbom-generic-scanner/enrichment","description":"<p>Arricchisce tutte le vulnerabilità di un report con dati EPSS, CISA KEV e EUVD. Aggiorna i flag has_epss_data, has_cisa_kev, has_euvd_data nel database.</p>\n","urlObject":{"path":["sbom-generic-scanner","enrichment"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"39abd5d2-075a-4935-b50e-b0f36ad69863"},{"name":"Enrichment - AI/LLM per Report","id":"c167ca3e-7d95-49e8-ad80-de2a37a8179a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"reportId\": 1\n}","options":{"raw":{"language":"json"}}},"url":"{{base_url}}/sbom-generic-scanner/enrichment","description":"<p>Arricchisce le vulnerabilità con analisi AI/LLM. Ogni CVE viene analizzata dall'LLM configurato e il risultato viene salvato nella colonna llm_enrichment.</p>\n","urlObject":{"path":["sbom-generic-scanner","enrichment"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"c167ca3e-7d95-49e8-ad80-de2a37a8179a"},{"name":"Enrichment - Per CVE specifiche","id":"401caed4-29f0-419b-9e57-d462c1437b4f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"cveIds\": [\"CVE-2023-12345\", \"CVE-2023-67890\"],\n    \"enrichment\": \"internal\"\n}","options":{"raw":{"language":"json"}}},"url":"{{base_url}}/sbom-generic-scanner/enrichment","description":"<p>Arricchisce CVE specifiche passando un array di CVE IDs invece di un reportId.</p>\n","urlObject":{"path":["sbom-generic-scanner","enrichment"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"401caed4-29f0-419b-9e57-d462c1437b4f"}],"id":"85cc83d2-fac7-4068-8a44-a7b84f7165e8","description":"<p>API per l'import dei dati SBOM, l'esecuzione della scansione vulnerabilità e l'arricchimento (enrichment) dei risultati.</p>\n","_postman_id":"85cc83d2-fac7-4068-8a44-a7b84f7165e8"},{"name":"UI - Progetti & Statistiche","item":[{"name":"Lista Progetti","id":"dde3b23d-7086-4ede-98e3-c6a7c515a1a4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/projects","description":"<p>Restituisce l'elenco di tutti i progetti disponibili nella tabella generic_sbom (nomi distinti).</p>\n","urlObject":{"path":["sbom","generic","projects"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"dde3b23d-7086-4ede-98e3-c6a7c515a1a4"},{"name":"Stats aggregate per progetto","id":"7e2d91e4-0d9a-47f7-bb08-bbf7225a55f8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/stats/{{projectName}}","description":"<p>Restituisce le statistiche aggregate: conteggio componenti, versione prodotto e info tool CycloneDX per il progetto specificato.</p>\n","urlObject":{"path":["sbom","generic","stats","{{projectName}}"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"7e2d91e4-0d9a-47f7-bb08-bbf7225a55f8"},{"name":"Conteggio componenti","id":"1d997ea2-b2d6-438a-ade6-99870a04b145","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/stats/count/{{projectName}}","description":"<p>Restituisce il numero di componenti importati per il progetto specificato.</p>\n","urlObject":{"path":["sbom","generic","stats","count","{{projectName}}"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"1d997ea2-b2d6-438a-ade6-99870a04b145"},{"name":"Versione build prodotto","id":"a3ebf90c-f482-4123-98ec-89310608f6d5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/stats/version/{{projectName}}","description":"<p>Restituisce la versione della build del prodotto per il progetto specificato.</p>\n","urlObject":{"path":["sbom","generic","stats","version","{{projectName}}"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"a3ebf90c-f482-4123-98ec-89310608f6d5"},{"name":"Info tool SBOM","id":"c239f680-9e7e-40fd-a0a9-253f8f67fb90","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/stats/tool/{{projectName}}","description":"<p>Restituisce le informazioni del tool di generazione SBOM: formato BOM, nome e versione del plugin (es. CycloneDX).</p>\n","urlObject":{"path":["sbom","generic","stats","tool","{{projectName}}"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"c239f680-9e7e-40fd-a0a9-253f8f67fb90"},{"name":"Lista componenti progetto","id":"3743c031-0716-4b06-b3a9-8839a4cefb37","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/components/{{projectName}}","description":"<p>Restituisce la lista completa dei componenti software per il progetto, con gruppo, versione, tipo e descrizione.</p>\n","urlObject":{"path":["sbom","generic","components","{{projectName}}"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"3743c031-0716-4b06-b3a9-8839a4cefb37"}],"id":"0d21634b-6795-4cb4-ad1a-1ff0cc609be1","description":"<p>API per la visualizzazione lato UI: elenco progetti, statistiche SBOM, componenti e informazioni tool.</p>\n","_postman_id":"0d21634b-6795-4cb4-ad1a-1ff0cc609be1"},{"name":"UI - Vulnerabilità","item":[{"name":"Totale vulnerabilità (globale)","id":"197acc3e-40ae-4f15-91ba-ea6346c4c084","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/total","description":"<p>Restituisce il conteggio totale delle vulnerabilità di tutti i progetti.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","total"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"197acc3e-40ae-4f15-91ba-ea6346c4c084"},{"name":"Totale vulnerabilità (per progetto)","id":"295133d4-d5ea-48a5-a9bb-38aa0052335f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/total?projectName={{projectName}}","description":"<p>Restituisce il conteggio totale delle vulnerabilità filtrato per progetto.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","total"],"host":["{{base_url}}"],"query":[{"key":"projectName","value":"{{projectName}}"}],"variable":[]}},"response":[],"_postman_id":"295133d4-d5ea-48a5-a9bb-38aa0052335f"},{"name":"Vulnerabilità per severity (globale)","id":"fa1aeb25-29fa-47b8-bedb-56cfaa15d78e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/severity","description":"<p>Restituisce il conteggio delle vulnerabilità suddivise per gravità (critical, high, medium, low, unknown) - globale.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","severity"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"fa1aeb25-29fa-47b8-bedb-56cfaa15d78e"},{"name":"Vulnerabilità per severity (per progetto)","id":"0306dcf5-451e-47da-95c9-4a3f30ff7536","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/severity?projectName={{projectName}}","description":"<p>Restituisce il conteggio delle vulnerabilità per gravità filtrato per progetto.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","severity"],"host":["{{base_url}}"],"query":[{"key":"projectName","value":"{{projectName}}"}],"variable":[]}},"response":[],"_postman_id":"0306dcf5-451e-47da-95c9-4a3f30ff7536"},{"name":"Componenti scansionati (globale)","id":"cd901de6-1b0a-4307-b6f1-dd5b7570ce22","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/components-scanned","description":"<p>Restituisce il numero di componenti scansionati - globale.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","components-scanned"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"cd901de6-1b0a-4307-b6f1-dd5b7570ce22"},{"name":"Componenti scansionati (per progetto)","id":"e869264d-4b04-4d33-b535-a77fbc0e771a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/components-scanned?projectName={{projectName}}","description":"<p>Restituisce il numero di componenti scansionati filtrato per progetto.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","components-scanned"],"host":["{{base_url}}"],"query":[{"key":"projectName","value":"{{projectName}}"}],"variable":[]}},"response":[],"_postman_id":"e869264d-4b04-4d33-b535-a77fbc0e771a"},{"name":"Distribuzione CVSS score (globale)","id":"fa2e37b8-2100-4204-b5aa-ded88c6bb2ff","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/distribution","description":"<p>Restituisce l'istogramma della distribuzione delle vulnerabilità per range di CVSS score (bin da 0.5).</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","distribution"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"fa2e37b8-2100-4204-b5aa-ded88c6bb2ff"},{"name":"Distribuzione CVSS score (per progetto)","id":"17eb4d97-3c63-48f3-ac64-98fe77ebf12e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/distribution?projectName={{projectName}}","description":"<p>Restituisce l'istogramma della distribuzione CVSS filtrato per progetto.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","distribution"],"host":["{{base_url}}"],"query":[{"key":"projectName","value":"{{projectName}}"}],"variable":[]}},"response":[],"_postman_id":"17eb4d97-3c63-48f3-ac64-98fe77ebf12e"},{"name":"Matrice componente-vulnerabilità (globale)","id":"548b7533-ef7a-4d59-bfce-f68037af011d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/matrix","description":"<p>Restituisce la matrice componente-vulnerabilità con score medio e conteggio CVE per componente.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","matrix"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"548b7533-ef7a-4d59-bfce-f68037af011d"},{"name":"Matrice componente-vulnerabilità (per progetto)","id":"8e1f3860-67e5-41d3-a30d-558d425328b8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/matrix?projectName={{projectName}}","description":"<p>Restituisce la matrice componente-vulnerabilità filtrata per progetto.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","matrix"],"host":["{{base_url}}"],"query":[{"key":"projectName","value":"{{projectName}}"}],"variable":[]}},"response":[],"_postman_id":"8e1f3860-67e5-41d3-a30d-558d425328b8"},{"name":"Score dettagliati (globale)","id":"83710119-7059-4d1e-bec9-425c814fbbe6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/score-detailed","description":"<p>Restituisce il dettaglio delle vulnerabilità raggruppate per CVSS score preciso.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","score-detailed"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"83710119-7059-4d1e-bec9-425c814fbbe6"},{"name":"Score dettagliati (per progetto)","id":"97b9751e-42f1-4b16-b13b-cd6937b5094b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/score-detailed?projectName={{projectName}}","description":"<p>Restituisce il dettaglio degli score CVSS filtrato per progetto.</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","score-detailed"],"host":["{{base_url}}"],"query":[{"key":"projectName","value":"{{projectName}}"}],"variable":[]}},"response":[],"_postman_id":"97b9751e-42f1-4b16-b13b-cd6937b5094b"},{"name":"Lista vulnerabilità progetto","id":"59d1b2d7-0eb1-42e7-84ac-c207063bbfda","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/vulnerabilities/list/{{projectName}}","description":"<p>Restituisce tutte le vulnerabilità per il progetto con tutti i dettagli: CVE ID, componente, severity, CVSS, flag enrichment (EPSS, CISA KEV, EUVD, LLM).</p>\n","urlObject":{"path":["sbom","generic","vulnerabilities","list","{{projectName}}"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"59d1b2d7-0eb1-42e7-84ac-c207063bbfda"},{"name":"CVE Enrichment Details","id":"cee910bf-df99-470a-a9f1-f2d27c220962","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/cve/CVE-2021-29425/enrichment","description":"<p>Restituisce i dati di arricchimento per una specifica CVE: EUVD (European Union Vulnerability Database) e EPSS (Exploit Prediction Scoring System). Sostituire CVE-2021-29425 con la CVE desiderata.</p>\n","urlObject":{"path":["sbom","generic","cve","CVE-2021-29425","enrichment"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"cee910bf-df99-470a-a9f1-f2d27c220962"}],"id":"11e97ba4-118c-4fa2-a7c2-aa67985ac0a1","description":"<p>API per la visualizzazione delle vulnerabilità lato UI: conteggi, distribuzioni, matrici e liste dettagliate.</p>\n","_postman_id":"11e97ba4-118c-4fa2-a7c2-aa67985ac0a1"},{"name":"UI - Network Graph","item":[{"name":"Nodi grafo (globale)","id":"850bda5f-47a8-4d13-91b9-dd941122e18a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/network-graph/nodes","description":"<p>Restituisce i nodi per il grafo di rete: componenti e CVE. Globale su tutti i progetti.</p>\n","urlObject":{"path":["sbom","generic","network-graph","nodes"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"850bda5f-47a8-4d13-91b9-dd941122e18a"},{"name":"Nodi grafo (per progetto)","id":"cb5558a4-050c-4929-bfae-8e26b720817c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/network-graph/nodes?projectName={{projectName}}","description":"<p>Restituisce i nodi per il grafo di rete filtrati per progetto.</p>\n","urlObject":{"path":["sbom","generic","network-graph","nodes"],"host":["{{base_url}}"],"query":[{"key":"projectName","value":"{{projectName}}"}],"variable":[]}},"response":[],"_postman_id":"cb5558a4-050c-4929-bfae-8e26b720817c"},{"name":"Link grafo (globale)","id":"7c04ca26-f75c-490f-acf5-8367a45628a8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/network-graph/links","description":"<p>Restituisce i link (archi) per il grafo che collegano componenti a CVE, con severity e CVSS score.</p>\n","urlObject":{"path":["sbom","generic","network-graph","links"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"7c04ca26-f75c-490f-acf5-8367a45628a8"},{"name":"Link grafo (per progetto)","id":"f4909925-fafd-4200-9f36-e250682fdcb9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom/generic/network-graph/links?projectName={{projectName}}","description":"<p>Restituisce i link del grafo filtrati per progetto.</p>\n","urlObject":{"path":["sbom","generic","network-graph","links"],"host":["{{base_url}}"],"query":[{"key":"projectName","value":"{{projectName}}"}],"variable":[]}},"response":[],"_postman_id":"f4909925-fafd-4200-9f36-e250682fdcb9"}],"id":"89457639-1940-4e18-be4e-ed2d66e0225c","description":"<p>API per la visualizzazione del grafo di rete componenti-CVE nella UI.</p>\n","_postman_id":"89457639-1940-4e18-be4e-ed2d66e0225c"},{"name":"UI - Report","item":[{"name":"Lista report (tutti)","id":"87f5c8b8-787a-4878-90a1-6e36af3b451f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom-generic-reports?page=1&pageSize=20","description":"<p>Restituisce la lista paginata di tutti i report di scansione SBOM generici.</p>\n","urlObject":{"path":["sbom-generic-reports"],"host":["{{base_url}}"],"query":[{"key":"page","value":"1"},{"key":"pageSize","value":"20"}],"variable":[]}},"response":[],"_postman_id":"87f5c8b8-787a-4878-90a1-6e36af3b451f"},{"name":"Lista report (filtro per progetto)","id":"8f2e46c5-bdf5-471d-b65e-2e071b6c40da","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom-generic-reports?page=1&pageSize=20&projectName={{projectName}}","description":"<p>Restituisce la lista paginata dei report filtrata per un progetto specifico.</p>\n","urlObject":{"path":["sbom-generic-reports"],"host":["{{base_url}}"],"query":[{"key":"page","value":"1"},{"key":"pageSize","value":"20"},{"key":"projectName","value":"{{projectName}}"}],"variable":[]}},"response":[],"_postman_id":"8f2e46c5-bdf5-471d-b65e-2e071b6c40da"},{"name":"Dashboard Stats (globale)","id":"38f514a7-0cc0-4a51-9637-3c66e6d1ba1b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom-generic-reports/stats/dashboard?days=30","description":"<p>Statistiche aggregate per la dashboard: totale scansioni, media vulnerabilità, totale critical/high, ultima scansione, progetti unici.</p>\n","urlObject":{"path":["sbom-generic-reports","stats","dashboard"],"host":["{{base_url}}"],"query":[{"key":"days","value":"30"}],"variable":[]}},"response":[],"_postman_id":"38f514a7-0cc0-4a51-9637-3c66e6d1ba1b"},{"name":"Dashboard Stats (per progetto)","id":"bd2ba8c2-7478-4c25-8b52-ec4c174df0ad","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom-generic-reports/stats/dashboard?projectName={{projectName}}&days=30","description":"<p>Statistiche aggregate filtrate per un progetto specifico.</p>\n","urlObject":{"path":["sbom-generic-reports","stats","dashboard"],"host":["{{base_url}}"],"query":[{"key":"projectName","value":"{{projectName}}"},{"key":"days","value":"30"}],"variable":[]}},"response":[],"_postman_id":"bd2ba8c2-7478-4c25-8b52-ec4c174df0ad"},{"name":"Dettaglio report per ID","id":"fd84c9dd-01f4-4658-9f0e-fe9c12443e3d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{base_url}}/sbom-generic-reports/1","description":"<p>Restituisce il dettaglio completo di un singolo report con tutte le vulnerabilità e dati di enrichment. Sostituire 1 con l'ID del report desiderato.</p>\n","urlObject":{"path":["sbom-generic-reports","1"],"host":["{{base_url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"fd84c9dd-01f4-4658-9f0e-fe9c12443e3d"}],"id":"4d89805c-3f32-4b7a-a813-8c738459ef77","description":"<p>API per la visualizzazione e consultazione dei report di scansione salvati nel database.</p>\n","_postman_id":"4d89805c-3f32-4b7a-a813-8c738459ef77"}],"id":"55c77f15-181b-4af2-9baa-aca6599543fa","_postman_id":"55c77f15-181b-4af2-9baa-aca6599543fa","description":""},{"name":"CiCd","item":[{"name":"Backstage Io","item":[{"name":"SecLab Plugin","id":"e35d9fab-3580-4bd2-a365-b75da8d5d1be","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{backstagePluginToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:{{sl-port}}/backstageio?projectName=demo","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["backstageio"],"host":["{{sl-host}}"],"query":[{"key":"projectName","value":"demo"}],"variable":[]}},"response":[{"id":"c5c86b16-ac90-4dae-8e8d-2e5d89f2ec8c","name":"SecLab Plugin","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{sl-host}}:{{sl-port}}/backstageIo?projectName=demo","host":["{{sl-host}}"],"port":"{{sl-port}}","path":["backstageIo"],"query":[{"key":"projectName","value":"demo"}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"237"},{"key":"ETag","value":"W/\"ed-NZxgWAmVOOY93hcQXPvbxoJpNbY\""},{"key":"Date","value":"Tue, 17 Feb 2026 10:13:57 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n    \"success\": true,\n    \"data\": [\n        {\n            \"project_name\": \"demo\",\n            \"product_version\": \"0.0.0\",\n            \"product_group\": null,\n            \"components_scanned\": 284,\n            \"components_with_cves\": 4,\n            \"total_vulnerabilities\": 7,\n            \"critical_count\": 0,\n            \"high_count\": 2,\n            \"medium_count\": 5,\n            \"low_count\": 0\n        }\n    ]\n}"}],"_postman_id":"e35d9fab-3580-4bd2-a365-b75da8d5d1be"}],"id":"96d5a1cc-9219-4938-a0f3-42b78c512f52","_postman_id":"96d5a1cc-9219-4938-a0f3-42b78c512f52","description":""},{"name":"Backstage v1 - todelete","id":"99f84619-ffb7-4faf-9213-2ae76752792d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"assignee\": \"mario.rossi@mail.com\",\n    \"treshold\": true\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:{{sl-port}}/cicd/plugin?projectName=demo","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["cicd","plugin"],"host":["{{sl-host}}"],"query":[{"key":"projectName","value":"demo"},{"disabled":true,"key":"assignee","value":"daniele.bertocchi"},{"disabled":true,"key":"treshold","value":"false"}],"variable":[]}},"response":[],"_postman_id":"99f84619-ffb7-4faf-9213-2ae76752792d"},{"name":"Backstage","id":"36895e96-ffc4-4a0f-b283-8c6d5c31a59b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"formdata","formdata":[{"key":"sbom","type":"file","uuid":"60f18b96-f667-429a-a232-9edfc12a8053","src":"/C:/Temp/hooli-sbom.json"}]},"url":"{{sl-host}}:{{sl-port}}/cicd/plugin?projectName=hooli&treshold=false&assignee=daniele.bertocchi","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["cicd","plugin"],"host":["{{sl-host}}"],"query":[{"key":"projectName","value":"hooli"},{"key":"treshold","value":"false"},{"key":"assignee","value":"daniele.bertocchi"}],"variable":[]}},"response":[],"_postman_id":"36895e96-ffc4-4a0f-b283-8c6d5c31a59b"},{"name":"test","id":"14c1dd11-4c9f-42bd-affb-daba9ac015ef","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"formdata","formdata":[{"key":"sbom","type":"file","uuid":"60f18b96-f667-429a-a232-9edfc12a8053","src":"/C:/repo/jbl/target/jbl-bom.json"}]},"url":"{{sl-host}}:{{sl-port}}/sbom/generic/vulnerability-management/scan?projectName=jbl&treshold=false&assignee=daniele.bertocchi","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["sbom","generic","vulnerability-management","scan"],"host":["{{sl-host}}"],"query":[{"key":"projectName","value":"jbl"},{"key":"treshold","value":"false"},{"key":"assignee","value":"daniele.bertocchi"}],"variable":[]}},"response":[],"_postman_id":"14c1dd11-4c9f-42bd-affb-daba9ac015ef"}],"id":"e238f534-d664-443d-a9dc-0920c32c16fb","_postman_id":"e238f534-d664-443d-a9dc-0920c32c16fb","description":""},{"name":"CiCd Params","item":[{"name":"Get CiCd Logs","id":"8f187a7e-a009-46a7-8018-7fbc7a937a6f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:{{sl-port}}/cicd","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["cicd"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"8f187a7e-a009-46a7-8018-7fbc7a937a6f"},{"name":"Update CiCd","id":"8ff147f0-2f31-4753-adf1-8fee07c3e6fa","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"source\": \"192.168.1.50\",\r\n    \"project_name_branch\": \"frontend-app/main\",\r\n    \"assignee\": \"daniele.bertocchi\",\r\n    \"treshold\": true\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:{{sl-port}}/cicd","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["cicd"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"8ff147f0-2f31-4753-adf1-8fee07c3e6fa"},{"name":"Get CiCd Treshold","id":"c6a2a6fb-a626-4b8e-ba2b-349717a9ee8c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:{{sl-port}}/cicd/treshold","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["cicd","treshold"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"c6a2a6fb-a626-4b8e-ba2b-349717a9ee8c"},{"name":"Update CiCd Treshold","id":"5a67ced0-f615-4ffa-90d4-23d1c4ed20d7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"treshold\": true,\r\n    \"treshold_score\": 8.0\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:{{sl-port}}/cicd/treshold","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["cicd","treshold"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"5a67ced0-f615-4ffa-90d4-23d1c4ed20d7"},{"name":"Get CiCd Params","id":"f3e1981e-16e4-4cdb-9ceb-245a419e7e1a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{sl-host}}:{{sl-port}}/cicd/params","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["cicd","params"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"f3e1981e-16e4-4cdb-9ceb-245a419e7e1a"},{"name":"Update CiCd Params","id":"44ed5f66-54fa-4d94-8996-cbaa5fd322f6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"jiraissue\": true,\r\n    \"issue_treshold\": 7.5,\r\n    \"webexnotification\": true\r\n}","options":{"raw":{"language":"json"}}},"url":"{{sl-host}}:{{sl-port}}/cicd/params","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["cicd","params"],"host":["{{sl-host}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"44ed5f66-54fa-4d94-8996-cbaa5fd322f6"}],"id":"4ce7e8f2-690c-4836-8058-6f674fa595fb","_postman_id":"4ce7e8f2-690c-4836-8058-6f674fa595fb","description":""},{"name":"Vulnerability Management Process","item":[{"name":"Run Process","id":"53c9b243-4032-42df-bc95-14542ec50a4a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"formdata","formdata":[{"key":"sbom","type":"file","uuid":"60f18b96-f667-429a-a232-9edfc12a8053","src":"/C:/repo/jbl/target/jbl-bom.json"}]},"url":"{{sl-host}}:{{sl-port}}/sbom/generic/vulnerability-management/scan?projectName=jbl&treshold=false&assignee=daniele.bertocchi","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["sbom","generic","vulnerability-management","scan"],"host":["{{sl-host}}"],"query":[{"key":"projectName","value":"jbl"},{"key":"treshold","value":"false"},{"key":"assignee","value":"daniele.bertocchi"}],"variable":[]}},"response":[],"_postman_id":"53c9b243-4032-42df-bc95-14542ec50a4a"},{"name":"Run Process Second Api","id":"64e02fdb-0cf2-48ac-909e-c8fcc3e727bd","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{authToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"formdata","formdata":[{"key":"sbom","type":"file","uuid":"60f18b96-f667-429a-a232-9edfc12a8053","src":"/C:/repo/jbl/target/jbl-bom.json"}]},"url":"{{sl-host}}:{{sl-port}}/cicd/plugin/runSecLabAnalysis?projectName=jbl&treshold=false&assignee=daniele.bertocchi","description":"<p>Scansiona tutti i file *-sbom.json nella directory sorgente, cercando CVE per ogni componente con CPE. Genera report JSON/HTML e salva nel database.</p>\n","urlObject":{"port":"{{sl-port}}","path":["cicd","plugin","runSecLabAnalysis"],"host":["{{sl-host}}"],"query":[{"key":"projectName","value":"jbl"},{"key":"treshold","value":"false"},{"key":"assignee","value":"daniele.bertocchi"}],"variable":[]}},"response":[],"_postman_id":"64e02fdb-0cf2-48ac-909e-c8fcc3e727bd"}],"id":"5bed5800-aa02-4b5e-94f3-89a9f9fd1a33","_postman_id":"5bed5800-aa02-4b5e-94f3-89a9f9fd1a33","description":""}]}