VYPR
Vendor: Cyclonedx

Products: 4
CVEs: 5
Across products: 5
Status: Private

Recent CVEs (5)
  • CVE-2024-34345 | High | May 14, 2024
    risk 0.46 | cvss 8.1 | epss 0.01

    The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML external entity injections were possible when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.

  • CVE-2025-64518 | High | Nov 10, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML `Validator` used by cyclonedx-core-java was not configured securely,…

  • CVE-2024-38374 | High | Jun 28, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, _cyclonedx-core-java_ leverages XPath expressions to determine the…

  • CVE-2026-55849 | High | Jun 19, 2026
    risk 0.38 | cvss (not listed) | epss (not listed)

    A command injection vulnerability exists in `@cyclonedx/cyclonedx-npm` when the CLI is invoked with the `--workspace` option while the environment variable `npm_execpath` is unset or empty. User-supplied `--workspace` values are passed to a subshell…

  • CVE-2022-24774 | Mar 22, 2022
    risk 0.00 | cvss (not listed) | epss 0.01

    CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit…