{ "_id": "sha256:7b0c471f0b2c4c5f9e19f7bff4c3d9e4e7b2cbf7d5c3e0a58a0cc3314d2c9a10", "tenantId": "urn:tenant:123e4567-e89b-12d3-a456-426614174000", "advisoryId": "GHSA-aaaa-bbbb-cccc", "source": "lnm-correlator", "observations": [ "6560606df3c5d6ad3b5b0001", "6560606df3c5d6ad3b5b0002", "6560606df3c5d6ad3b5b0003" ], "key": { "vulnerabilityId": "GHSA-aaaa-bbbb-cccc", "productKey": "pkg:npm/leftpad", "confidence": 0.63 }, "normalized": { "purls": ["pkg:npm/leftpad"], "versions": ["1.3.0", "1.4.0"], "ranges": [ {"type": "semver", "events": [{"introduced": "0"}, {"fixed": "1.3.0"}]}, {"type": "semver", "events": [{"introduced": "1.3.0"}, {"fixed": "1.5.0"}]} ], "severities": [ {"system": "cvssv3", "score": 5.0, "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"}, {"system": "cvssv4", "score": 4.8, "vector": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"} ] }, "conflicts": [ { "field": "severity", "reason": "severity-mismatch", "values": [ "vendorA:7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "vendorB:5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" ] }, { "field": "affected", "reason": "affected-range-divergence", "values": [ "vendorA:[0,1.3.0]", "vendorB:[1.3.0,1.5.0]", "vendorC:1.4.x only" ] }, { "field": "aliases", "reason": "alias-inconsistency", "values": [ "vendorA:GHSA-aaaa-bbbb-cccc", "vendorB:CVE-2024-11111" ] }, { "field": "references", "reason": "reference-clash", "values": [ "vendorA:https://blog.example.com/advisory", "vendorB:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11111" ] } ], "provenance": { "observationHashes": [ "8f0f9406349e62a7a9c28b24ec77cbb3b2a13f57d8dc2ed594a2c3fe6edbe201", "0e3ae50c3b2ab9e0ec2bf531d1a61583d79b4b0abeb8ec59269afeb7b8b5f050", "8c87cfcc22ebb7fa6e0c0e9e3d1de0d812e2fd6b05e8c6b0f2c8c7b7f988aaa2" ], "toolVersion": "lnm-21-002", "policyHash": "linkset-correlation-21-002" }, "createdAt": "2025-11-20T15:10:00Z", "builtByJobId": "corr-tenant123-ghsa-aaaa-bbbb-cccc" }