722 matches found
@userfront/bell (>=5.2.3-0 <=6.0.0), ffc-auth (>=0.1.0 <=0.13.0-alpha.2) +1 more potentially affected by CVE-2026-44979 via @hapi/wreck (>=18.0.0 <=18.0.1)
@hapi/wreck NPM version =18.0.0, =5.2.3-0, =0.1.0, =1.0.2, =1.0.4 Source cves: CVE-2026-44979 Source advisory: SNYK:JS-HAPIWRECK-16881586...
20yearrewards (>=1.0.7 <=1.0.8), 3id-test-helper (>=1.0.0 <=1.0.4) +1062 more potentially affected by CVE-2026-44979 via @hapi/wreck (>=15.1.0 <=18.0.1)
@hapi/wreck NPM version =15.1.0, =1.0.7, =1.0.0, =0.24.0, =2.0.2, =6.8.2, =1.4.0, =1.0.0, =0.0.2, =1.0.0, =1.6.0, =1.7.10 and more Source cves: CVE-2026-44979 Source advisory: OSV:GHSA-VHJM-W67Q-G75C...
GHSA-VHJM-W67Q-G75C @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects
Impact When @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped. The standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside the...
3id-test-helper (>=1.0.0 <=1.0.4), 3nit-utils (>=0.24.0 <=1.0.2) +728 more potentially affected by CVE-2026-44974 via @hapi/content (>=4.1.1 <=5.0.2)
@hapi/content NPM version =4.1.1, =1.0.0, =0.24.0, =6.8.2, =1.4.0, =1.0.0, =0.9.0, =0.1.0, =1.0.1, =2.1.0, =2.5.0-next.11, =2.6.0, =2.7.26 and more Source cves: CVE-2026-44974 Source advisory: OSV:GHSA-36HH-X5P5-JGC8...
Interpretation Conflict
Overview @hapi/content is a HTTP Content- headers parsing Affected versions of this package are vulnerable to Interpretation Conflict due to inconsistent handling of duplicate parameters in the Content.disposition and Content.type functions. An attacker can bypass upload filename allowlists or...
GHSA-36HH-X5P5-JGC8 @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters
Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...
PT-2026-43631
Name of the Vulnerable Software and Affected Versions @hapi/wreck versions prior to 18.1.1 Description When following a 3xx redirect to a different hostname, the utility only strips the Authorization and Cookie headers. The Proxy-Authorization credential header is forwarded intact to the redirect...
au.csiro.pathling:encoders (>=6.2.2 <=9.6.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +220 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=6.0.0 <=6.9.6)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757888...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.7.7 <=7.4.5) +209 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=5.6.22 <=6.9.5)
ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =5.6.22, =3.4.0, =5.7.7, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =6.2.0, =6.8.0, =6.4.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.7, =6.8.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=6.6.0 <=7.4.5) +197 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=6.0.0 <=6.9.5)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757886...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=8.10.0) +259 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=0.0.1 <=6.9.5)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 MAVEN version =0.0.1, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...
au.csiro.pathling:encoders (>=6.2.2 <=9.6.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +246 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.0.0 <=6.9.6)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757891...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.6.0 <=7.4.5) +172 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=6.0.0 <=6.9.5)
ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.4.0, =6.8.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757889...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=5.6.5 <=7.4.5) +277 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=0.0.1 <=6.9.5)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =0.0.1, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.2.1 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0) +186 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=6.0.0 <=6.9.5)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757885...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.6.0 <=7.4.5) +155 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=6.0.0 <=6.9.4.1)
ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.4.0, =6.8.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757892...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +223 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=1.0.0 <=6.9.4.1)
ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =1.0.0, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =4.0.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0) +185 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=6.0.0 <=6.9.5)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 - ca.uhn.hapi.fhir:hapi-fhir-jpaserver-uhnfhirtest =6.8.0 and more Source cves: CVE-2026-45367 Source advisory:...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.6.0 <=7.4.5) +182 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=6.0.0 <=6.9.5)
ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.4.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757890...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +262 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.9.5)
ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...