167 matches found
EUVD-2022-6608
Malicious code in bioql PyPI...
EUVD-2022-6483
Malicious code in bioql PyPI...
EUVD-2022-6498
Malicious code in bioql PyPI...
EUVD-2022-6519
Malicious code in bioql PyPI...
EUVD-2022-6531
Malicious code in bioql PyPI...
EUVD-2022-6529
Malicious code in bioql PyPI...
EUVD-2025-21448
Malicious code in bioql PyPI...
Path Traversal
org.dspace, dspace-api is vulnerable to path traversal. The vulnerability is due to improper validation of file paths in the Simple Archive Format SAF importer, which allows an attacker to craft a malicious SAF package referencing arbitrary system files...
CVE-2025-53621
DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...
CVE-2025-53622
DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...
Directory Traversal
Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Directory Traversal in the import process when handling Simple Archive Format packages. An attacker can access sensitive files on the server by crafting a malicious...
org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2025-53622 via org.dspace:dspace-api (=7.0-preview-1)
org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...
de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +53 more potentially affected by CVE-2025-53622 via org.dspace:dspace-api (>=1.5-alpha <=7.0-preview-1)
org.dspace:dspace-api MAVEN version =1.5-alpha, =6.2.0, =6.2.0, =5.8.0, =5.8.0, =5.4.0, =5.4.0, =5.4.0, =3.0, =1.7.0, =1.7.0, =5.11 and more Source cves: CVE-2025-53622 Source advisory: OSV:GHSA-VHVX-8XGC-99WF...
GHSA-VHVX-8XGC-99WF DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format
Impact A path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command or from the "Batch Import Zip" user interface feature. This vulnerability likely impacts all versions of DSpace 1.x = 7.6.3, 8.0 = 8.1, and...
XML External Entity (XXE) Injection
Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the XML parsing process during archive imports or when handling XML responses from upstream services. An attacker can access...
org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2025-53621 via org.dspace:dspace-api (=7.0-preview-1)
org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...
GHSA-JJWR-5CFH-7XWH DSpace is vulnerable to XML External Entity injection during archive imports
Impact Two related XXE injection possibilities have been discovered, impacting all versions of DSpace prior to 7.6.4, 8.2 and 9.1. 1. External entities are not disabled when parsing XML files during import of an archive in Simple Archive Format, either from command-line ./dspace import command or...
de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +53 more potentially affected by CVE-2025-53621 via org.dspace:dspace-api (>=1.5-alpha <=7.0-preview-1)
org.dspace:dspace-api MAVEN version =1.5-alpha, =6.2.0, =6.2.0, =5.8.0, =5.8.0, =5.4.0, =5.4.0, =5.4.0, =3.0, =1.7.0, =1.7.0, =5.11 and more Source cves: CVE-2025-53621 Source advisory: OSV:GHSA-JJWR-5CFH-7XWH...
DSpace is vulnerable to XML External Entity injection during archive imports
Impact Two related XXE injection possibilities have been discovered, impacting all versions of DSpace prior to 7.6.4, 8.2 and 9.1. 1. External entities are not disabled when parsing XML files during import of an archive in Simple Archive Format, either from command-line ./dspace import command or...
CVE-2025-53622
DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...