Maven package
org.cyclonedx/cyclonedx-core-java
pkg:maven/org.cyclonedx/cyclonedx-core-java
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-64518 | High | 7.5 | | >= 2.1.0, < 11.0.1 | 11.0.1 | Nov 10, 2025 | The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML `Validator` used by cyclonedx-core-java was not configured securely, mak |
| CVE-2024-38374 | High | 7.5 | | >= 2.1.0, < 9.0.4 | 9.0.4 | Jun 28, 2024 | The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, _cyclonedx-core-java_ leverages XPath expressions to determine the sche |