VYPR

Maven package

org.dspace/dspace-api

pkg:maven/org.dspace/dspace-api

Vulnerabilities (4)

  • CVE-2025-53622MedJul 15, 2025
    affected < 7.6.4fixed 7.6.4

    DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive (in Simple Archive Format), either from command-line (`./d

  • CVE-2025-53621MedJul 15, 2025
    affected < 7.6.4fixed 7.6.4

    DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity (XXE) injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XM

  • CVE-2022-31195Aug 1, 2022
    affected >= 4.0, < 5.11fixed 5.11

    DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a fil

  • CVE-2021-41189Oct 29, 2021
    affected >= 7.0, < 7.1fixed 7.1

    DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in ver