CycloneDX

The CycloneDX specification is initiated by OWASP and is focused on creating security context. It allows identifying known vulnerabilities in components using CPE, SWID, and PURL fields.

For more detail, please see the OWASP Vulnerability Naming Schemes and CycloneDX official documentation.