ca.uhn.hapi.fhir:org.hl7.fhir.validation
Maven5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ca.uhn.hapi.fhir:org.hl7.fhir.validationpage 1 of 1
- CVE-2023-24057HIGHCVSS 8.1EG 8.1✓ Fixed in 5.6.922023-01-26
vulnerable: 0.0.1 ... 5.6.91 (196 versions)
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison a…
- CVE-2023-28465HIGHCVSS 7.5EG 7.5✓ Fixed in 5.6.1062023-12-12
vulnerable: 0.0.1 ... 5.6.99 (210 versions)
The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the direct…
- CVE-2024-51132CRITICALCVSS 9.8EG 9.8✓ Fixed in 6.4.02024-11-05
vulnerable: 0.0.1 ... 6.3.9 (321 versions)
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
- CVE-2026-33180HIGHCVSS 7.5EG 7.5✓ Fixed in 6.9.02026-03-20
vulnerable: 0.0.1 ... 6.8.2 (379 versions)
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial…
- CVE-2026-34361CRITICALCVSS 9.3EG 9.3✓ Fixed in 6.9.42026-03-31
vulnerable: 0.0.1 ... 6.9.3 (383 versions)
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP request…
Check whether ca.uhn.hapi.fhir:org.hl7.fhir.validation is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ca.uhn.hapi.fhir:org.hl7.fhir.validation CVEs against the assets you own.
Start Free Scan →