20 matches found
ca.islandora.alpaca:islandora-alpaca-app (>=2.0.0 <=2.2.0), ca.islandora.alpaca:islandora-connector-derivative (>=2.0.0 <=2.2.0) +82 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-jms (>=3.0.0-M1 <=4.14.5)
org.apache.camel:camel-jms MAVEN version =3.0.0-M1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =3.0.0, =0.46, =0.3, =0.5, =0.1, =0.1, =1.0, =4.3.7.hyte-4307a, =4.3.7.hyte-4307a, =hyte-mq-4.3.7.hyte-43072 and more Source cves: CVE-2026-40453 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321636...
CVE-2026-3215
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS). This issue affects Islandora: from 0.0.0 before 2.17.5...
EUVD-2026-15474
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS). This issue affects Islandora: from 0.0.0 before 2.17.5...
CVE-2026-3215
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS). This issue affects Islandora: from 0.0.0 before 2.17.5...
CVE-2026-3215 Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS). This issue affects Islandora: from 0.0.0 before 2.17.5...
CVE-2026-3215 Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS). This issue affects Islandora: from 0.0.0 before 2.17.5...
CVE-2026-3215
CVE-2026-3215 affects Drupal Islandora prior to 2.17.5, due to improper input neutralization during web page generation, enabling Cross-Site Scripting (XSS). The root cause involves insufficient sanitization of URI paths used in a custom route for attaching media to nodes. The issue requires the ...
Drupal Islandora security vulnerability
Drupal Islandora is an extension platform for content management systems developed by the Drupal company, used for digital asset management and digital library construction. Versions of Drupal Islandora prior to 2.17.5 contained a security vulnerability caused by improper input handling, which...
DRUPAL-CONTRIB-2026-016
This module integrates with Islandora, an open-source digital asset management (DAM) framework. Islandora integrates with various open-source services, which can be run in a distributed environment. The module doesn't sufficiently sanitize URI paths for its custom route used for attaching media to...
Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016
This module integrates with Islandora, an open-source digital asset management (DAM) framework. Islandora integrates with various open-source services, which can be run in a distributed environment. The module doesn't sufficiently sanitize URI paths for its custom route used for attaching media to...
PT-2026-22087
Name of the Vulnerable Software and Affected Versions: Drupal Islandora versions prior to 2.17.5. Description: A flaw exists in Drupal Islandora that allows for Cross-Site Scripting (XSS). The issue stems from insufficient sanitization of URI paths used in a custom route for attaching media to nodes...
EUVD-2025-4966
Malicious code in bioql PyPI...
CVE-2025-25286 Crayfish allows Remote Code Execution via Homarus Authorization header
Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessible installations of Homarus in certain configurations. The issue has been patched in...
Crayfish security vulnerability
Crayfish is a collection of Islandora microservices open-sourced by Islandora. A security vulnerability exists in Crayfish that stems from remote code execution that can occur in Homarus installations that are accessible via the Web under certain configurations...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the X-Islandora-Args header. An attacker can execute arbitrary code on the server by sending a crafted request containing malicious inp...
Failure to Sanitize Paired Delimiters
Overview: Affected versions of this package are vulnerable to Failure to Sanitize Paired Delimiters via the Authorization header, by sending a crafted request to the /convert endpoint. Note: This is only exploitable if the Homarus microservice is directly accessible from the Internet. Remediation...
Privilege Escalation
Islandora is vulnerable to privilege escalation. An attacker is able to upload content into a repository without any permissions...
Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Impact: This vulnerability would allow any user, regardless of permissions, to upload content into a repository. This affects installations of Islandora core 2.0 or greater. Patches: Upgrade immediately to the latest release of Islandora. Workarounds: In lieu of an upgrade the following module can b...
GHSA-M58Q-QQ5H-MGQQ Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Impact: This vulnerability would allow any user, regardless of permissions, to upload content into a repository. This affects installations of Islandora core 2.0 or greater. Patches: Upgrade immediately to the latest release of Islandora. Workarounds: In lieu of an upgrade the following module can b...
ca.islandora.alpaca:islandora-connector-broadcast (>=0.2.0 <=0.3.0), ca.islandora.alpaca:islandora-indexing-triplestore (>=0.2.0 <=0.3.0) +913 more potentially affected by CVE-2017-5643 via org.apache.camel:camel-core (>=2.18.0 <=2.18.1)
org.apache.camel:camel-core MAVEN version =2.18.0, =0.2.0, =0.2.0, =2.7, =2.18.0, =2.18.1 - com.tatsuyafw:camel-fluentd =2.18.0 - cool.pandora:acrepo-exts-image =0.0.3 - cool.pandora:pandora-exts-encoder =0.0.4 and more Source cves: CVE-2017-5643 Source advisory: OSV:GHSA-VQ9J-JH62-5HMP...