70 matches found
CVE-2025-61190
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter...
CVE-2025-61190
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter...
CVE-2025-61190
CVE-2025-61190 affects DSpace JSPUI 6.5, specifically the search/discover filtering flow. The vulnerability arises from improper sanitization of user input supplied via the filter_type_1 parameter, enabling a Reflected Cross-Site Scripting (XSS) condition. This is documented across multiple sourc...
PT-2026-28303
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter...
CVE-2025-61190
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter...
CVE-2022-31189
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, the entire exception, including the stack trace, is available. Information in this stacktrace may ...
CVE-2022-31191
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...
CVE-2022-31192
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...
EUVD-2022-6531
Malicious code in bioql PyPI...
EUVD-2022-6519
Malicious code in bioql PyPI...
EUVD-2022-6483
Malicious code in bioql PyPI...
EUVD-2022-6608
Malicious code in bioql PyPI...
EUVD-2022-6498
Malicious code in bioql PyPI...
EUVD-2022-6529
Malicious code in bioql PyPI...
de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +53 more potentially affected by CVE-2025-53621 via org.dspace:dspace-api (>=1.5-alpha <=7.0-preview-1)
org.dspace:dspace-api MAVEN version =1.5-alpha, =6.2.0, =6.2.0, =5.8.0, =5.8.0, =5.4.0, =5.4.0, =5.4.0, =3.0, =1.7.0, =1.7.0, =5.11 and more Source cves: CVE-2025-53621 Source advisory: OSV:GHSA-JJWR-5CFH-7XWH...
CVE-2022-31193
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...
CVE-2022-31194
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...
GHSA-8RMH-55H4-93H5 DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import
Impact: ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...
de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=6.0 <=6.3)
org.dspace:dspace-api MAVEN version =6.0, =6.2.0, =6.2.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.3 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...
DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import
Impact: ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...