Hi, Could you please update the CVE metadata so it includes both packages: org.apache.tika:tika-parser-pdf-module and org.apache.tika:tika-parsers?
Currently, the CVE lists only tika-parser-pdf-module artifact, so the scanners do not detect the vulnerabilities if the software uses 1.x "all in one" tika-parsers.jar I've filed an improvement to GitHub vulnerability database, however, it would be great if you could update the base CVE metadata as well: https://github.com/github/advisory-database/pull/6366 Vladimir
