
cdxgen/cdxgen
Releases: 493
Release frequency: 4 days 18 hours
Last release:
Stars: 977
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate into your CI/CD pipeline with automatic submission to a Dependency-Track server.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
|  | — | 7.2 HIGH | — |

CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation rather than an implementation mistake: cdxgen resolves dependencies by invoking the project's own build tooling, and for Gradle that means the build scripts are evaluated as Kotlin or Groovy programs, so generating a BOM for a checkout is equivalent to running its build. Treat a cdxgen run over untrusted input as untrusted code execution and isolate it accordingly.
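As an added illustration of that caveat (example code, not part of cdxgen or of this page), the POSIX shell helper below inventories the files that cdxgen's build-tool invocation will evaluate in a checkout, and prints a container command line that limits what a hostile build script can reach. It assumes the `ghcr.io/cyclonedx/cdxgen` image and its `-r`/`-o` options as documented in the cdxgen README; the file-name list, the scratch-copy step, the `scan-egress` network name and the Docker hardening flags are this example's own choices, and the sample tree it builds is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of cdxgen or the page above: a pre-flight for running
# cdxgen against an untrusted checkout. cdxgen hands control to the project's
# build tooling, so the files that tooling evaluates are, in effect, executed.
# Step 1 inventories those files; step 2 builds a container command line that
# limits what a hostile build script can reach.
#
# Assumptions (not from the page): the ghcr.io/cyclonedx/cdxgen image and its
# -r/-o options as documented in the cdxgen README; the file-name list, the
# scratch-copy approach and the Docker hardening flags are this example's own.

# Files that build/package tools execute or evaluate while resolving
# dependencies: Gradle scripts are full Kotlin/Groovy programs, pom.xml can
# bind plugins, package.json can carry lifecycle scripts, setup.py is Python.
BUILD_SCRIPT_NAMES='build.gradle build.gradle.kts settings.gradle settings.gradle.kts gradlew pom.xml package.json setup.py'

# list_build_scripts DIR
# Prints each matching file under DIR on its own line, sorted. Vendored
# node_modules and .git are skipped: they are not what cdxgen's build step runs.
list_build_scripts() {
  for name in $BUILD_SCRIPT_NAMES; do
    find "$1" -type f -name "$name" \
      ! -path '*/node_modules/*' ! -path '*/.git/*'
  done | sort
}

# count_build_scripts DIR
# Number of such files. 0 means cdxgen can get by with manifest parsing alone
# and no build script will run; anything else means: sandbox the scan.
count_build_scripts() {
  list_build_scripts "$1" | awk 'END { print NR }'
}

# scratch_copy SRC
# Copies the checkout into a throwaway directory and prints its path. Build
# tools write into the tree (.gradle/, target/, node_modules/), so the original
# checkout is never mounted; discard the copy after the scan.
scratch_copy() {
  tmp=$(mktemp -d) || return 1
  cp -R "$1"/. "$tmp"/ || return 1
  printf '%s\n' "$tmp"
}

# sandboxed_cdxgen_cmd SCRATCH OUT NETWORK
# Prints (does not run) a docker command line for the scan. Capabilities are
# dropped and privilege escalation disabled; the only host paths visible are
# the scratch copy and an output directory. Dependency resolution still needs
# the package registry, so NETWORK should be a Docker network whose egress is
# limited to your artifact proxy; "none" only works with a pre-warmed cache.
sandboxed_cdxgen_cmd() {
  printf 'docker run --rm --network %s --cap-drop ALL --security-opt no-new-privileges --pids-limit 1024 -v %s:/app:rw -v %s:/out:rw ghcr.io/cyclonedx/cdxgen:latest -r /app -o /out/bom.json\n' "$3" "$1" "$2"
}

# make_demo_tree
# Builds a constructed sample checkout (for the demo and tests only) and
# prints its path: two Gradle scripts and a Maven POM that would be evaluated,
# plus a vendored package.json that must be ignored.
make_demo_tree() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/sub" "$d/node_modules/dep"
  printf 'plugins { kotlin("jvm") }\n' > "$d/build.gradle.kts"
  printf 'rootProject.name = "demo"\n' > "$d/settings.gradle.kts"
  printf '<project/>\n' > "$d/sub/pom.xml"
  printf '{"name":"dep","scripts":{"postinstall":"true"}}\n' > "$d/node_modules/dep/package.json"
  printf '# demo\n' > "$d/README.md"
  printf '%s\n' "$d"
}

# Demo: inventory the sample tree, then show the command that would run cdxgen
# on a scratch copy of it over an egress-filtered network named scan-egress.
demo=$(make_demo_tree)
echo "build scripts found: $(count_build_scripts "$demo")"
list_build_scripts "$demo"
copy=$(scratch_copy "$demo")
sandboxed_cdxgen_cmd "$copy" "$demo/out" scan-egress
rm -rf "$demo" "$copy"
```

In a pipeline, gate on `count_build_scripts`: a zero count can go to a plain `cdxgen` run, anything else goes through `scratch_copy` and the printed `docker run` line, and the scratch directory is deleted afterwards so nothing a build script wrote survives the job.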