The example for vuln.xml contains the line <range><ge>1.6</ge><lt>1.9</lt></range> which is explained as describing the interval 1.6 <= x <= 1.9, but is 1.6 <= x < 1.9 instead as is suggested by:
- the <ge> and <lt> tags;
- the output of pkg audit, which for the example would contain the line >= 1.6: < 1.9.