Browse all 6 CVE security advisories affecting hapifhir. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34361 | HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft — org.hl7.fhir.coreCWE-552 | 9.3 | Critical | 2026-03-31 |
| CVE-2026-34360 | HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing — org.hl7.fhir.coreCWE-918 | 5.8 | Medium | 2026-03-31 |
| CVE-2026-34359 | HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core — org.hl7.fhir.coreCWE-346 | 7.4 | High | 2026-03-31 |
| CVE-2026-33180 | HAPI FHIR HTTP authentication leak in redirects — org.hl7.fhir.coreCWE-200 | 7.5 | High | 2026-03-20 |
| CVE-2024-52007 | XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` — org.hl7.fhir.coreCWE-611 | 8.6 | High | 2024-11-08 |
| CVE-2024-45294 | `org.hl7.fhir.core` XXE vulnerability in XSLT transforms — org.hl7.fhir.coreCWE-611 | 8.6 | High | 2024-09-06 |
This page lists every published CVE security advisory associated with hapifhir. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.