{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:d6391870-ec8c-5759-980f-64c828d6d593",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8",
      "type": "library",
      "group": "org.apache.tomcat",
      "name": "tomcat-i18n-cs",
      "version": "9.0.90-tuxcare.8",
      "purl": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:1928ed51-5cb3-5985-956f-3ab4ae93c0aa",
      "id": "CVE-2020-11996",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:984aa292-4c6f-515d-9b78-33aa4c136b37",
      "id": "CVE-2020-13934",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4cfe21b4-2dc9-511b-9297-b5c19d5334e6",
      "id": "CVE-2020-13943",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cb0660ed-347b-58af-80bc-d09dc3125d37",
      "id": "CVE-2020-9484",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bc8c2869-7aa2-595b-bb9e-0cca773a7c5f",
      "id": "CVE-2021-24122",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:74d01e58-8fda-5f19-ace2-1bc278639a20",
      "id": "CVE-2021-42340",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2021-42340 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs. Patches already applied: 31d62426645824bdfe076a0c0eafa904d90b4fb9 (already in target via 80f1438ec4 'Close WebConnection', a37a6d312c 'Fix BZ 68884 - improve handling of large scale WebSocket disconnects')"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:94e4294b-ddd6-5c3e-8afc-15bae854ce5d",
      "id": "CVE-2022-34305",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:850abe64-e07d-5661-806c-caf0a5fbce09",
      "id": "CVE-2022-45143",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:34b24e55-7c26-5225-af02-3eb544491257",
      "id": "CVE-2024-23672",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:19aaeee4-aca2-584c-b66a-3d8644f0563c",
      "id": "CVE-2024-24549",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:46a4f785-66b1-526d-9b56-c22335921db2",
      "id": "CVE-2024-50379",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6528543d-cf27-5d4f-a87a-b643764374ba",
      "id": "CVE-2024-52316",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cc2e41fd-17a6-5550-bf64-6358b1d54da5",
      "id": "CVE-2024-54677",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2de3c2b3-350b-5128-879c-235a9b9b4ddb",
      "id": "CVE-2024-56337",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9f00d395-4898-5511-8c74-791e999b1045",
      "id": "CVE-2025-24813",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:893299ce-1bad-5e6e-b8e6-babbb429398f",
      "id": "CVE-2025-31650",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d204ca16-9206-5327-8d69-4c69ca588a6b",
      "id": "CVE-2025-31651",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4ba86483-98fe-5f49-afa8-22cadff96efa",
      "id": "CVE-2025-46701",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7c8201bf-7ebe-5cb6-a6bd-5c6901f4a5e0",
      "id": "CVE-2025-48988",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fb42ec2a-465c-5bd6-98a4-60e6778ad04e",
      "id": "CVE-2025-48989",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0f16685c-0811-5f89-83e8-cd8f7f995b23",
      "id": "CVE-2025-49124",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6b79a4c4-91dd-501d-9e48-710137a26530",
      "id": "CVE-2025-49125",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:481d1750-16a7-5bcc-ad41-26ae794e3762",
      "id": "CVE-2025-52434",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bebe390e-a54d-5558-b251-4da167058789",
      "id": "CVE-2025-52520",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:792b2f72-e3b1-5514-83c6-bdad37682488",
      "id": "CVE-2025-53506",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:10d44eac-562e-5916-9bf4-46b80a2f97c4",
      "id": "CVE-2025-55668",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6d0342e5-921a-523f-9471-1f1963dbb055",
      "id": "CVE-2025-55752",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:abbedc79-c391-5bed-aa4d-ef34214eda6f",
      "id": "CVE-2025-55754",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ad18e7e8-3f43-54ac-b589-7970a5ca7861",
      "id": "CVE-2025-61795",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f7d7eba6-87b2-5425-b830-4fea80f9b0e3",
      "id": "CVE-2025-66614",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1e1c6dd1-8131-5357-819e-1342f9bd9e6e",
      "id": "CVE-2026-24733",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f070c428-c0f6-591c-9b1d-2226306fda7e",
      "id": "CVE-2026-24734",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b0b18219-6411-5edd-8501-42366c5fd4a9",
      "id": "CVE-2026-24880",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:97b38834-0c84-5f84-b932-09c9e6258588",
      "id": "CVE-2026-25854",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:55a68c65-af32-5d8b-b995-a9278700ea3e",
      "id": "CVE-2026-29145",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e6feeba5-432b-555e-b614-f329a306bf2f",
      "id": "CVE-2026-29146",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2e0340a8-712c-5cb2-bc03-6c60a7a773ff",
      "id": "CVE-2026-32990",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7df889f8-4ff8-58a7-a1d3-b4288acc7200",
      "id": "CVE-2026-34483",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:279b75a7-71c6-50fe-b61d-e2b6b44574ed",
      "id": "CVE-2026-34486",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:300a788a-62ac-5ac6-91cb-d4f7098c5b91",
      "id": "CVE-2026-34487",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4feceea6-1ce3-5234-9b12-c05d441e6c98",
      "id": "CVE-2026-41284",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41284 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f40ba487-cb35-5a83-bc7b-242b919883e4",
      "id": "CVE-2026-41293",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41293 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:37d91238-7eff-5eba-9fbd-22073db879b4",
      "id": "CVE-2026-42498",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-42498 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d27954bf-018f-5a95-b0fb-0770764ae17b",
      "id": "CVE-2026-43512",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43512 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5248bc72-7abe-54ab-b259-b83b6a5105b1",
      "id": "CVE-2026-43513",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43513 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:46107785-7855-51dc-98b2-eadc418f1802",
      "id": "CVE-2026-43514",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43514 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d8d1b47d-3ffb-5ad9-a763-4f04b707b8a1",
      "id": "CVE-2026-43515",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43515 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-i18n-cs."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-cs@9.0.90-tuxcare.8"
    }
  ]
}