11 matches found
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.10.0 <=6.10.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.10.0 <=6.10.5) +162 more potentially affected by CVE-2026-41901 via org.thymeleaf:thymeleaf-spring5 (>=3.0.9.RELEASE <=3.1.3.RELEASE)
org.thymeleaf:thymeleaf-spring5 MAVEN version =3.0.9.RELEASE, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =1.19.0, =v1.1, =v1.2 - cn.haoxiaoyong.ocr.email:email-msg =v1.0 and more Source cves: CVE-2026-41901 Source advisory:...
best.skn:skn-spring-mail (>=1.0.0 <=2.4.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=7.0.0 <=8.8.1) +746 more potentially affected by CVE-2026-40478 via org.thymeleaf:thymeleaf-spring6 (>=3.1.0.M1 <=3.1.3.RELEASE)
org.thymeleaf:thymeleaf-spring6 MAVEN version =3.1.0.M1, =1.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.6.0, =7.6.0, =7.0.0, =7.0.0, =8.8.1 and more Source cves: CVE-2026-40478 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078377...
HAPI FHIR HTTP authentication leak in redirects
When headers are set on HTTP requests, the internal HTTP client sends them first to the host in the initial URL and also, if asked to follow redirects and a 30X HTTP response code is returned, to the host named in the URL of the Location: response header. Sending the same set of headers ...
ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.6.2), br.com.simpli:simpli-ws (>=1.2.1 <=2.2.0) +1034 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch (>=7.0.0-alpha1 <=8.19.7)
org.elasticsearch:elasticsearch MAVEN version =7.0.0-alpha1, =j8.2.2.0, =1.2.1, =0.0.1-alpha, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.2.0, =6.8.0, =6.4.0, =5.3.0, =5.3.0, =5.3.0, =5.4.0 and more Source cves: CVE-2025-37731 Source advisory: OSV:GHSA-M9GH-789G-Q5PV...
EUVD-2025-16400
Malicious code in bioql PyPI...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=7.6.1), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +275 more potentially affected by CVE-2024-55887 via org.fhir:ucum (>=1.0.1 <=1.0.8)
org.fhir:ucum MAVEN version =1.0.1, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-55887 Source advisory: OSV:GHSA-W9J7-PHM3-F97J...
CVE-2024-50589
An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR)...
CVE-2024-50589
CVE-2024-50589 involves Hasomed Elefant: an unauthenticated attacker on the local network can query an unprotected FHIR API to access sensitive EHRs. Affected are Hasomed Elefant versions prior to 24.04.00 and Elefant Updater prior to 1.4.2.1811. Remediation: upgrade Elefant to 24.04.00+ and upda...
CVE-2024-50589 Unprotected FHIR API
An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR)...
HAPI FHIR code issue vulnerability
HAPI FHIR is an open-source HL7 FHIR API written in Java. A code issue vulnerability exists in HAPI FHIR versions prior to 6.4.0: the XSLT parsing performed by various components is vulnerable to XML external entity injection...