Good point. Let me check with ASF security.
On Wed, Oct 29, 2025 at 6:04 AM Vladimir Sitnikov <[email protected]> wrote: > > Hi, > > Could you please update the CVE metadata so it includes both packages: > org.apache.tika:tika-parser-pdf-module and org.apache.tika:tika-parsers? > > Currently, the CVE lists only tika-parser-pdf-module artifact, so the > scanners do not > detect the vulnerabilities if the software uses 1.x "all in one" > tika-parsers.jar > > I've filed an improvement to GitHub vulnerability database, however, > it would be great if you could update the base CVE metadata as well: > https://github.com/github/advisory-database/pull/6366 > > Vladimir
