CycloneDX — Vulnerabilities & Security Advisories 4

Browse all 4 CVE security advisories affecting CycloneDX. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by CycloneDX:cyclonedx-core-java cyclonedx-bom-repo-server cyclonedx-javascript-library

CVE ID	Title	CVSS	Severity	Published
CVE-2025-64518	CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection — cyclonedx-core-javaCWE-611	7.5	High	2025-11-10
CVE-2024-38374	Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java — cyclonedx-core-javaCWE-611	7.5	High	2024-06-28
CVE-2024-34345	@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability — cyclonedx-javascript-libraryCWE-611	8.1	High	2024-05-09
CVE-2022-24774	Improper Input Validation leading to Path Traversal in CycloneDX BOM Repository Server — cyclonedx-bom-repo-serverCWE-20	7.1	High	2022-03-22

This page lists every published CVE security advisory associated with CycloneDX. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

CycloneDX — Vulnerabilities & Security Advisories 4