24 matches found
au.csiro.pathling:encoders (>=5.1.0 <=9.6.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +322 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.9.6)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.2.1 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...
au.csiro.pathling:fhir-server (>=5.3.1 <=6.4.2), au.org.consumerdatastandards:data-holder (>=2.3.0 <=2.4.1) +2123 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.7.0 <=5.7.2)
org.springframework.security:spring-security-core MAVEN version =5.7.0, =5.3.1, =2.3.0, =2.4.1 - au.org.consumerdatastandards:mock-data-holder-java =2.6.0 - be.jidoka:jdk-keycloak-admin =1.3.0 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 -...
best.skn:skn-spring-mail (>=1.0.0 <=2.4.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=7.0.0 <=8.8.1) +746 more potentially affected by CVE-2026-40478 via org.thymeleaf:thymeleaf-spring6 (>=3.1.0.M1 <=3.1.3.RELEASE)
org.thymeleaf:thymeleaf-spring6 MAVEN version =3.1.0.M1, =1.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.6.0, =7.6.0, =7.0.0, =7.0.0, =8.8.1 and more Source cves: CVE-2026-40478 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078377...
dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-tools-test-data-generator (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-fhir-server (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-fhir-server MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: OSV:GHSA-GJ7P-595X-QWF5...
dev.dsf:dsf-bpe-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-common-jetty (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-common-jetty MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540565...
Data Sharing Framework is Missing Session Timeout for OIDC Sessions
Affected Components DSF FHIR Server with enabled OIDC authentication. DSF BPE Server with enabled OIDC authentication. Summary OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. Impact If...
dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-tools-test-data-generator (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-fhir-server (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-fhir-server MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540567...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...
au.csiro.pathling:encoders (>=6.2.2 <=9.5.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +244 more potentially affected by CVE-2026-34360 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.0.0 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.8.1 and more Source cves: CVE-2026-34360 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855324...
au.csiro.pathling:encoders (>=5.1.0 <=9.5.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +352 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: OSV:GHSA-FGV2-4Q4G-WC35...
au.csiro.pathling:encoders (>=5.1.0 <=9.5.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +321 more potentially affected by CVE-2026-33180 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.8.2)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.2.1 and more Source cves: CVE-2026-33180 Source advisory: OSV:GHSA-P7M9-V2CM-2H7M...
au.csiro.pathling:encoders (>=5.1.0 <=9.5.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +352 more potentially affected by CVE-2026-33180 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.8.2)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =8.8.1 and more Source cves: CVE-2026-33180 Source advisory: OSV:GHSA-P7M9-V2CM-2H7M...
ai.platon.gora:gora-core (=1.0.0), ai.platon.gora:gora-mongodb (=1.0.0) +1296 more potentially affected by CVE-2026-24281 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.2 and more Source cves: CVE-2026-24281 Source advisory: OSV:GHSA-7XRH-HQFC-G7QR...
ai.platon.gora:gora-core (=1.0.0), ai.platon.gora:gora-mongodb (=1.0.0) +1296 more potentially affected by CVE-2026-24281 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.2 and more Source cves: CVE-2026-24281 Source advisory: SNYK:JAVA-ORGAPACHEZOOKEEPER-15456215...
au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0), br.com.jarch:jarch-apt (>=20.7.0 <=25.11.0) +744 more potentially affected by CVE-2025-66021 via com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (>=r136 <=20240325.1)
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer MAVEN version =r136, =6.2.2, =20.7.0, =24.2.0, =20.7.0, =23.1.0, =24.2.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =8.6.8 and more Source cves: CVE-2025-66021 Source advisory:...
org.hl7.fhir.convertors: org.hl7.fhir.dstu2: org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.validation: org.hl7.fhir.core: FHIR arbitrary code execution via specially-crafted request
A flaw was found in Fast Healthcare Interoperability Resources HAPI FHIR. This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +287 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =7.4.5 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +315 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +286 more potentially affected by CVE-2024-45294 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.3.22)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =7.4.3 and more Source cves: CVE-2024-45294, CVE-2024-52007 Source advisory: OSV:GHSA-6CR6-PH3P-F5RF...