
DSpace — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting DSpace. AI-powered Chinese analysis, POCs, and references for each vulnerability.

DSpace is an open-source repository platform for academic institutions to manage, preserve, and share digital research outputs. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues due to input validation weaknesses and misconfigurations. The platform's 11 recorded CVEs highlight recurring problems in authentication mechanisms and file upload processes. While no major public security incidents have been widely documented, the consistent discovery of critical vulnerabilities underscores the need for rigorous patch management and secure configuration practices in production environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-53622 | DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file | DSpace | CWE-22 | 5.2 | Medium | 2025-07-15 |
| CVE-2025-53621 | DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources | DSpace | CWE-611 | 6.9 | Medium | 2025-07-15 |
| CVE-2024-38364 | DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document | DSpace | CWE-79 | 2.6 | Low | 2024-06-25 |
| CVE-2022-31195 | Path traversal vulnerability in Simple Archive Format package import in DSpace | DSpace | CWE-22 | 7.2 | High | 2022-08-01 |
| CVE-2022-31192 | Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature | DSpace | CWE-79 | 7.1 | High | 2022-08-01 |
| CVE-2022-31191 | Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools | DSpace | CWE-79 | 7.1 | High | 2022-08-01 |
| CVE-2022-31194 | Path traversal vulnerabilities in DSpace JSPUI submission upload | DSpace | CWE-22 | 8.2 | High | 2022-08-01 |
| CVE-2022-31193 | URL Redirection to Untrusted Site in DSpace JSPUI | DSpace | CWE-601 | 7.1 | High | 2022-08-01 |
| CVE-2022-31189 | "Internal System Error" page in DSpace JSPUI prints exceptions and stack traces without sanitization | DSpace | CWE-209 | 5.3 | Medium | 2022-08-01 |
| CVE-2022-31190 | Metadata of withdrawn Items is exposed to anonymous users in DSpace XMLUI | DSpace | CWE-200 | 5.3 | Medium | 2022-08-01 |
| CVE-2021-41189 | Communities and collections administrators can escalate their privilege up to system administrator | DSpace | CWE-863 | 7.2 | High | 2021-10-29 |

This page lists every published CVE security advisory associated with DSpace. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.