{
  "bundleId": "19bd7cf7-c7a6-4c1c-9b9c-6f2f794e9b1a",
  "advisoryId": "CVE-2025-12345",
  "tenant": "demo-tenant",
  "generatedAt": "2025-11-18T12:00:00Z",
  "schemaVersion": 0,
  "observations": [
    {
      "observationId": "obs-001",
      "source": "vendor.psirt",
      "purl": "pkg:maven/org.example/app@1.2.3",
      "cve": "CVE-2025-12345",
      "severity": "critical",
      "cvss": {
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "score": 9.8
      },
      "summary": "Remote code execution via deserialization of untrusted data.",
      "evidence": {
        "statement": "Vendor confirms unauthenticated RCE in versions <1.2.4",
        "references": ["https://example.com/advisory"]
      }
    }
  ],
  "signatures": [
    {
      "signature": "MEQCID...==",
      "keyId": "authority-root-1",
      "algorithm": "ecdsa-p256-sha256"
    }
  ]
}