diff --git a/internal/formats/common/cyclonedxhelpers/decoder_test.go b/internal/formats/common/cyclonedxhelpers/decoder_test.go
index 40b95b9dd..f55ef5b80 100644
--- a/internal/formats/common/cyclonedxhelpers/decoder_test.go
+++ b/internal/formats/common/cyclonedxhelpers/decoder_test.go
@@ -272,4 +272,14 @@ func Test_missingDataDecode(t *testing.T) {
 _, err = toSyftModel(bom)
 assert.NoError(t, err)
+
+ pkg := decodeComponent(&cyclonedx.Component{
+ Licenses: &cyclonedx.Licenses{
+ {
+ License: nil,
+ },
+ },
+ })
+
+ assert.Len(t, pkg.Licenses, 0)
 }
diff --git a/internal/formats/common/cyclonedxhelpers/licenses.go b/internal/formats/common/cyclonedxhelpers/licenses.go
index 68da1967b..9acf70d39 100644
--- a/internal/formats/common/cyclonedxhelpers/licenses.go
+++ b/internal/formats/common/cyclonedxhelpers/licenses.go
@@ -26,7 +26,9 @@ func encodeLicenses(p pkg.Package) *cyclonedx.Licenses {
 func decodeLicenses(c *cyclonedx.Component) (out []string) {
 if c.Licenses != nil {
 for _, l := range *c.Licenses {
- out = append(out, l.License.ID)
+ if l.License != nil {
+ out = append(out, l.License.ID)
+ }
 }
 }
 return
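Review bot: The case added to Test_missingDataDecode (decoder_test.go) asserts only that one entry with `License: nil` yields no licenses, so it would still pass if decodeLicenses dropped every entry. Add a second entry such as `{License: &cyclonedx.License{ID: "MIT"}}` next to the nil one and assert `assert.Equal(t, []string{"MIT"}, pkg.Licenses)`, assuming pkg.Licenses is the []string that decodeLicenses returns. That pins both halves of the fix: the malformed entry is skipped and the valid one survives. The test function starts outside the hunk.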
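Review bot: In decodeLicenses (licenses.go), the new `if l.License != nil` guard stops the nil dereference, but an entry whose License has no ID still appends an empty string to `out`; `if l.License != nil && l.License.ID != "" {` would avoid that. Entries with a nil License are now skipped silently, and in cyclonedx-go a license choice can carry an `Expression` instead of a `License`, so this probably drops SPDX expressions from the decoded SBOM; confirm that is intended. A comment such as `// entries without a License (e.g. expression-only) are skipped` would make the behaviour explicit. Because the component comes from a parsed document that may be malformed, other optional pointer fields read by this decoder may need the same nil check. The function's closing brace is outside the hunk.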