Lucene search
K

211 matches found

OSV
OSV
added 2026/06/24 10:45 a.m.10 views

ROOT-APP-MAVEN-CVE-2026-34359 CVE-2026-34359 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities - Patched by Root

Root has patched CVE-2026-34359 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities package for Root:Maven. Multiple fixed versions available...

9.1CVSS5.8AI score0.00158EPSS
Exploits1
OSV
OSV
added 2026/06/24 10:45 a.m.13 views

ROOT-APP-MAVEN-CVE-2026-33180 CVE-2026-33180 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities - Patched by Root

Root has patched CVE-2026-33180 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities package for Root:Maven. Multiple fixed versions available...

8.2CVSS5.8AI score0.00264EPSS
Exploits0
OSV
OSV
added 2026/06/24 10:45 a.m.14 views

ROOT-APP-MAVEN-CVE-2026-34361 CVE-2026-34361 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.validation - Patched by Root

Root has patched CVE-2026-34361 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.validation package for Root:Maven. Multiple fixed versions available...

9.3CVSS5.8AI score0.00299EPSS
Exploits1
OSV
OSV
added 2026/06/24 10:45 a.m.8 views

ROOT-APP-MAVEN-CVE-2026-34360 CVE-2026-34360 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core - Patched by Root

Root has patched CVE-2026-34360 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core package for Root:Maven. Multiple fixed versions available...

5.8CVSS5.4AI score0.00235EPSS
Exploits1
OSV
OSV
added 2026/06/24 10:45 a.m.12 views

ROOT-APP-MAVEN-CVE-2026-45367 CVE-2026-45367 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 - Patched by Root

Root has patched CVE-2026-45367 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 package for Root:Maven. Multiple fixed versions available...

5.8AI score0.00086EPSS
Exploits0
OSV
OSV
added 2026/06/17 6:47 p.m.4 views

GHSA-FXJ4-P9XP-37V5 HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS

Summary The fix for CVE-2026-45367 added RegexTimeout protection to the matches function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In org.hl7.fhir.dstu2, replaceMatches was updated while matches at line 2462 still calls the raw String.matchessw without...

7.5CVSS5.4AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.6 views

au.csiro.pathling:encoders (>=5.1.0 <=9.6.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +322 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.9.6)

ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.2.1 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.7.7 <=7.4.5) +209 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=5.6.22 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =5.6.22, =3.4.0, =5.7.7, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =6.2.0, =6.8.0, =6.4.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.7, =6.8.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.5 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=5.6.5 <=7.4.5) +277 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=0.0.1 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =0.0.1, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.2.1 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=8.10.0) +259 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=0.0.1 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 MAVEN version =0.0.1, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.5 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0) +185 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=6.0.0 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 - ca.uhn.hapi.fhir:hapi-fhir-jpaserver-uhnfhirtest =6.8.0 and more Source cves: CVE-2026-45367 Source advisory:...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.5 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +262 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.4 views

au.csiro.pathling:encoders (>=6.2.2 <=9.6.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +220 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=6.0.0 <=6.9.6)

ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757888...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.6.0 <=7.4.5) +172 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=6.0.0 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.4.0, =6.8.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757889...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.8 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=6.6.0 <=7.4.5) +197 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=6.0.0 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757886...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.6 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0) +186 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=6.0.0 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757885...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +223 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=1.0.0 <=6.9.4.1)

ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =1.0.0, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =4.0.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.6 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.6.0 <=7.4.5) +182 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=6.0.0 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.4.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757890...

5.4AI score0.00086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 8:23 p.m.5 views

au.csiro.pathling:encoders (>=6.2.2 <=9.6.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +246 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.0.0 <=6.9.6)

ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757891...

5.4AI score0.00086EPSS
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.9 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
Rows per page
Query Builder