Path Traversal

org.dspace, dspace-api is vulnerable to path traversal. The vulnerability is due to improper validation of file paths in the Simple Archive Format SAF importer, which allows an attacker to craft a malicious SAF package referencing arbitrary system files...

de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +53 more potentially affected by CVE-2025-53622 via org.dspace:dspace-api (>=1.5-alpha <=7.0-preview-1)

org.dspace:dspace-api MAVEN version =1.5-alpha, =6.2.0, =6.2.0, =5.8.0, =5.8.0, =5.4.0, =5.4.0, =5.4.0, =3.0, =1.7.0, =1.7.0, =5.11 and more Source cves: CVE-2025-53622 Source advisory: OSV:GHSA-VHVX-8XGC-99WF...

org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2025-53622 via org.dspace:dspace-api (=7.0-preview-1)

org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...

de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +53 more potentially affected by CVE-2025-53621 via org.dspace:dspace-api (>=1.5-alpha <=7.0-preview-1)

org.dspace:dspace-api MAVEN version =1.5-alpha, =6.2.0, =6.2.0, =5.8.0, =5.8.0, =5.4.0, =5.4.0, =5.4.0, =3.0, =1.7.0, =1.7.0, =5.11 and more Source cves: CVE-2025-53621 Source advisory: OSV:GHSA-JJWR-5CFH-7XWH...

org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2025-53621 via org.dspace:dspace-api (=7.0-preview-1)

org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...

org.dspace.modules:additions (>=4.0 <=5.10), org.dspace.modules:jspui (>=4.0 <=5.10) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=4.0 <=5.10)

org.dspace:dspace-api MAVEN version =4.0, =4.0, =4.0, =4.0, =5.0, =5.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =5.0, =5.10 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...

de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=6.0 <=6.3)

org.dspace:dspace-api MAVEN version =6.0, =6.2.0, =6.2.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.3 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...

org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2021-41189 via org.dspace:dspace-api (=7.0-preview-1)

org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...