ca.uhn.hapi.fhir:org.hl7.fhir.r4

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting ca.uhn.hapi.fhir:org.hl7.fhir.r4page 1 of 1

CVE-2024-45294HIGHCVSS 8.6EG 8.6✓ Fixed in 6.3.23
2024-09-06
vulnerable: 0.0.1 ... 6.3.9 (311 versions)
The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms per…
CVE-2024-51132CRITICALCVSS 9.8EG 9.8✓ Fixed in 6.4.0
2024-11-05
vulnerable: 0.0.1 ... 6.3.9 (321 versions)
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
CVE-2024-52007HIGHCVSS 8.6EG 8.6✓ Fixed in 6.4.0
2024-11-08
vulnerable: 0.0.1 ... 6.3.9 (321 versions)
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious D…
CVE-2026-33180HIGHCVSS 7.5EG 7.5✓ Fixed in 6.9.0
2026-03-20
vulnerable: 0.0.1 ... 6.8.2 (379 versions)
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial…

Check whether ca.uhn.hapi.fhir:org.hl7.fhir.r4 is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVEs against the assets you own.

Start Free Scan →