{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:a4b2e450-c319-5dfd-bdc4-d829f35d6538",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8",
      "type": "library",
      "group": "org.apache.tomcat.experimental",
      "name": "tomcat-embed-programmatic",
      "version": "9.0.90-tuxcare.8",
      "purl": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:b54ea8ed-d322-5daa-8efa-586ddba760f4",
      "id": "CVE-2020-11996",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:87a6be34-89e5-5721-ad60-38ff842bdffd",
      "id": "CVE-2020-13934",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5f5c6764-b1ca-5740-a50b-de226a8350d4",
      "id": "CVE-2020-13943",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1ec8ed7e-c2f8-52e5-a15a-7944bbdf4c86",
      "id": "CVE-2020-9484",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:76953e86-4586-5a68-b800-8fc945c9647f",
      "id": "CVE-2021-24122",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2f7718cf-00e6-523d-a05a-45499ace6c7d",
      "id": "CVE-2021-42340",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2021-42340 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic. Patches already applied: 31d62426645824bdfe076a0c0eafa904d90b4fb9 (already in target via 80f1438ec4 'Close WebConnection', a37a6d312c 'Fix BZ 68884 - improve handling of large scale WebSocket disconnects')"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:017d9b6f-9e0b-58f8-94da-3d4ed8021cb0",
      "id": "CVE-2022-34305",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:faf7cff6-3e7e-521b-b987-fb4b267ae6d9",
      "id": "CVE-2022-45143",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d358fb0d-5ef0-53d2-aa98-966891888f01",
      "id": "CVE-2024-23672",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6175e7be-a2ac-5bed-9d0a-a32cf9a96cb5",
      "id": "CVE-2024-24549",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:55b64c6b-dcea-5689-95cc-cb7fef19e0d8",
      "id": "CVE-2024-50379",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:755f85b6-f2a2-5805-a5f4-5951fdd31cea",
      "id": "CVE-2024-52316",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e5cdf1cc-4cd8-573c-b795-58ab6d199471",
      "id": "CVE-2024-54677",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:670d3f53-16d6-56d6-9864-ec82ce909df8",
      "id": "CVE-2024-56337",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8e67b293-c15a-5c7b-8661-2269894d057d",
      "id": "CVE-2025-24813",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e7e7af5f-1bf0-5d9b-a966-d1d65510a6ea",
      "id": "CVE-2025-31650",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ce2ce4c8-71df-5cdd-afe5-a612ddc20771",
      "id": "CVE-2025-31651",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aab0a2f0-4f94-577c-84d8-89d5fbb13357",
      "id": "CVE-2025-46701",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4b70df51-ba10-5b32-9f32-07736466e739",
      "id": "CVE-2025-48988",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dc7cc966-955e-5884-aaf3-416ce18e0d6a",
      "id": "CVE-2025-48989",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:728241c7-59d4-5028-a895-bb40ae331088",
      "id": "CVE-2025-49124",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e63e605f-8e5b-55d3-8515-4cebb2895fc5",
      "id": "CVE-2025-49125",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:357a3b46-8748-55aa-a628-9f9baa026a44",
      "id": "CVE-2025-52434",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1301faac-e62a-5fd7-95ab-88c280cb1f1e",
      "id": "CVE-2025-52520",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:64101bdf-c5e6-5f27-8b7d-59efbab03639",
      "id": "CVE-2025-53506",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6cd526e0-c099-558a-8155-1f74f0062e39",
      "id": "CVE-2025-55668",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fc4f2d34-1a2d-5a8e-b832-4f7e11ed5424",
      "id": "CVE-2025-55752",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f8a7baa0-25cb-5368-8e1e-66b548826b9f",
      "id": "CVE-2025-55754",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:630e4428-dec7-526e-8e54-d8a0d437892c",
      "id": "CVE-2025-61795",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:53590088-6a2f-5a19-88ba-6df4714295a2",
      "id": "CVE-2025-66614",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3c5d59d6-b9be-5ac8-8881-fde16a22f922",
      "id": "CVE-2026-24733",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4fc267e2-847a-595a-8fb0-d08e9771a578",
      "id": "CVE-2026-24734",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e98b9037-6c0a-5480-9dba-a0df42543952",
      "id": "CVE-2026-24880",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6c6080ca-c3b2-5278-8466-fb70419c7880",
      "id": "CVE-2026-25854",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ad2474a0-0fe9-53d1-89c1-9a45cde73350",
      "id": "CVE-2026-29145",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9a043d8b-e332-5edd-a0dc-0a60641e281e",
      "id": "CVE-2026-29146",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:599e826b-ac23-57cb-b9f5-7e23bab042be",
      "id": "CVE-2026-32990",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d7c43380-3598-53a7-a758-06e3414c69cd",
      "id": "CVE-2026-34483",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aa8ee4d3-012f-5b3d-9d17-1b975f128af2",
      "id": "CVE-2026-34486",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:25772085-1442-5f53-9187-5d141c84c0a4",
      "id": "CVE-2026-34487",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:660f449d-0f4c-5a5d-be0a-a47350ae6c42",
      "id": "CVE-2026-41284",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41284 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f88a70d1-6d82-5aa4-9d13-1d2bd5e1d6c8",
      "id": "CVE-2026-41293",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41293 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2b79da81-f91f-5880-a681-d53e11dd5fc6",
      "id": "CVE-2026-42498",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-42498 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5171cc50-0279-56ad-92ee-ffe7769b5f5a",
      "id": "CVE-2026-43512",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43512 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1c01c356-e8c0-5d22-8c70-d99eec9a81a1",
      "id": "CVE-2026-43513",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43513 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9d47340e-e463-5419-8995-4a229d01f164",
      "id": "CVE-2026-43514",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43514 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d8854b15-3881-521b-9b2a-bac265bfe47b",
      "id": "CVE-2026-43515",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43515 affects version 9.0.90-tuxcare.8 of org.apache.tomcat.experimental:tomcat-embed-programmatic."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@9.0.90-tuxcare.8"
    }
  ]
}