Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@5.3.14
Typemaven
Namespaceca.uhn.hapi.fhir
Nameorg.hl7.fhir.r5
Version5.3.14
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.9.0
Latest_non_vulnerable_version6.9.7
Affected_by_vulnerabilities
0
url VCID-1cby-t5p4-ybdh
vulnerability_id VCID-1cby-t5p4-ybdh
summary 
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( `<!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45294.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45294.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45294
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.25365
published_at 2026-06-07T12:55:00Z
1
value 0.00089
scoring_system epss
scoring_elements 0.25414
published_at 2026-06-06T12:55:00Z
2
value 0.00089
scoring_system epss
scoring_elements 0.25429
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45294
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23
4
reference_url https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2310447
reference_id 2310447
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2310447
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45294
reference_id CVE-2024-45294
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45294
7
reference_url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5
reference_id GHSA-59rq-22fm-x8q5
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5
8
reference_url https://github.com/advisories/GHSA-6cr6-ph3p-f5rf
reference_id GHSA-6cr6-ph3p-f5rf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6cr6-ph3p-f5rf
9
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
reference_id GHSA-6cr6-ph3p-f5rf
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
10
reference_url https://access.redhat.com/errata/RHSA-2024:7052
reference_id RHSA-2024:7052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7052
11
reference_url https://access.redhat.com/errata/RHSA-2024:8064
reference_id RHSA-2024:8064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8064
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.3.23
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.3.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hhuh-bj59-zbfm
1
vulnerability VCID-p4yd-nnmu-wye2
2
vulnerability VCID-t9ha-qzdq-xuaf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.3.23
aliases CVE-2024-45294, GHSA-6cr6-ph3p-f5rf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1cby-t5p4-ybdh
1
url VCID-akg4-sqhf-ekb4
vulnerability_id VCID-akg4-sqhf-ekb4
summary Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.utilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28465
reference_id
reference_type
scores
0
value 0.00737
scoring_system epss
scoring_elements 0.73252
published_at 2026-06-06T12:55:00Z
1
value 0.00737
scoring_system epss
scoring_elements 0.73234
published_at 2026-06-07T12:55:00Z
2
value 0.00737
scoring_system epss
scoring_elements 0.73247
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28465
1
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core/blob/b0daf666725fa14476d147522155af1e81922aac/org.hl7.fhir.r4b/src/main/java/org/hl7/fhir/r4b/terminologies/TerminologyCacheManager.java#L99-L105
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/blob/b0daf666725fa14476d147522155af1e81922aac/org.hl7.fhir.r4b/src/main/java/org/hl7/fhir/r4b/terminologies/TerminologyCacheManager.java#L99-L105
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/pull/1162
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/pull/1162
4
reference_url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/5.6.106
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/5.6.106
5
reference_url https://www.smilecdr.com/our-blog
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/
url https://www.smilecdr.com/our-blog
6
reference_url https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/
url https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28465
reference_id CVE-2023-28465
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28465
8
reference_url https://github.com/advisories/GHSA-9654-pr4f-gh6m
reference_id GHSA-9654-pr4f-gh6m
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/
url https://github.com/advisories/GHSA-9654-pr4f-gh6m
9
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-9654-pr4f-gh6m
reference_id GHSA-9654-pr4f-gh6m
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-9654-pr4f-gh6m
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@5.6.106
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@5.6.106
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cby-t5p4-ybdh
1
vulnerability VCID-hhuh-bj59-zbfm
2
vulnerability VCID-p4yd-nnmu-wye2
3
vulnerability VCID-t9ha-qzdq-xuaf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@5.6.106
aliases CVE-2023-28465, GHSA-9654-pr4f-gh6m, GMS-2023-707, GMS-2023-708, GMS-2023-709, GMS-2023-710, GMS-2023-711, GMS-2023-712
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akg4-sqhf-ekb4
2
url VCID-hhuh-bj59-zbfm
vulnerability_id VCID-hhuh-bj59-zbfm
summary HAPI FHIR: hapifhir/org.hl7.fhir.core: HAPI FHIR: Information disclosure and potential impersonation via HTTP redirects sending sensitive headers
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33180
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14635
published_at 2026-06-07T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14671
published_at 2026-06-05T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.14677
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33180
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:44:33Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33180
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33180
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2449841
reference_id 2449841
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2449841
6
reference_url https://github.com/advisories/GHSA-p7m9-v2cm-2h7m
reference_id GHSA-p7m9-v2cm-2h7m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p7m9-v2cm-2h7m
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.9.0
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.9.0
aliases CVE-2026-33180, GHSA-p7m9-v2cm-2h7m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhuh-bj59-zbfm
3
url VCID-mm8m-2qys-bfdh
vulnerability_id VCID-mm8m-2qys-bfdh
summary 
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
MITM can enable Zip-Slip.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24057
reference_id
reference_type
scores
0
value 0.00688
scoring_system epss
scoring_elements 0.72123
published_at 2026-06-04T12:55:00Z
1
value 0.00688
scoring_system epss
scoring_elements 0.7215
published_at 2026-06-07T12:55:00Z
2
value 0.00688
scoring_system epss
scoring_elements 0.72171
published_at 2026-06-06T12:55:00Z
3
value 0.00688
scoring_system epss
scoring_elements 0.72164
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24057
1
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core/commit/b50aec59124416b7315a49220cfc3999223414cc
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/commit/b50aec59124416b7315a49220cfc3999223414cc
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24057
reference_id CVE-2023-24057
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24057
4
reference_url https://github.com/advisories/GHSA-jqh6-9574-5x22
reference_id GHSA-jqh6-9574-5x22
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jqh6-9574-5x22
5
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-jqh6-9574-5x22
reference_id GHSA-jqh6-9574-5x22
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-jqh6-9574-5x22
6
reference_url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg
reference_id GHSA-xr8x-pxm6-prjg
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-01T19:25:38Z/
url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@5.6.92
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@5.6.92
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cby-t5p4-ybdh
1
vulnerability VCID-akg4-sqhf-ekb4
2
vulnerability VCID-hhuh-bj59-zbfm
3
vulnerability VCID-p4yd-nnmu-wye2
4
vulnerability VCID-t9ha-qzdq-xuaf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@5.6.92
aliases CVE-2023-24057, GHSA-jqh6-9574-5x22, GMS-2023-96
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mm8m-2qys-bfdh
4
url VCID-p4yd-nnmu-wye2
vulnerability_id VCID-p4yd-nnmu-wye2
summary 
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]> could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52007.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52007
reference_id
reference_type
scores
0
value 0.00325
scoring_system epss
scoring_elements 0.5581
published_at 2026-06-05T12:55:00Z
1
value 0.00325
scoring_system epss
scoring_elements 0.55803
published_at 2026-06-07T12:55:00Z
2
value 0.00325
scoring_system epss
scoring_elements 0.55815
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52007
2
reference_url https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
3
reference_url https://cwe.mitre.org/data/definitions/611.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://cwe.mitre.org/data/definitions/611.html
4
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core
5
reference_url https://github.com/hapifhir/org.hl7.fhir.core/issues/1571
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/issues/1571
6
reference_url https://github.com/hapifhir/org.hl7.fhir.core/pull/1717
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/pull/1717
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2324794
reference_id 2324794
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2324794
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52007
reference_id CVE-2024-52007
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52007
9
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
reference_id GHSA-6cr6-ph3p-f5rf
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
10
reference_url https://github.com/advisories/GHSA-gr3c-q7xf-47vh
reference_id GHSA-gr3c-q7xf-47vh
reference_type
scores
url https://github.com/advisories/GHSA-gr3c-q7xf-47vh
11
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-gr3c-q7xf-47vh
reference_id GHSA-gr3c-q7xf-47vh
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-gr3c-q7xf-47vh
12
reference_url https://access.redhat.com/errata/RHSA-2024:9806
reference_id RHSA-2024:9806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9806
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.4.0
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hhuh-bj59-zbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.4.0
aliases CVE-2024-52007, GHSA-gr3c-q7xf-47vh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4yd-nnmu-wye2
5
url VCID-t9ha-qzdq-xuaf
vulnerability_id VCID-t9ha-qzdq-xuaf
summary 
HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51132
reference_id
reference_type
scores
0
value 0.07937
scoring_system epss
scoring_elements 0.92203
published_at 2026-06-07T12:55:00Z
1
value 0.07937
scoring_system epss
scoring_elements 0.92205
published_at 2026-06-06T12:55:00Z
2
value 0.07937
scoring_system epss
scoring_elements 0.92207
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51132
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/
url https://github.com/hapifhir/org.hl7.fhir.core
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2323897
reference_id 2323897
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2323897
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51132
reference_id CVE-2024-51132
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51132
6
reference_url https://github.com/JAckLosingHeart/CVE-2024-51132-POC
reference_id CVE-2024-51132-POC
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/
url https://github.com/JAckLosingHeart/CVE-2024-51132-POC
7
reference_url https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
reference_id GHSA-4cf2-cxp3-rjr7
reference_type
scores
url https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
8
reference_url https://access.redhat.com/errata/RHSA-2024:9806
reference_id RHSA-2024:9806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9806
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.4.0
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hhuh-bj59-zbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@6.4.0
aliases CVE-2024-51132, GHSA-4cf2-cxp3-rjr7
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9ha-qzdq-xuaf
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5@5.3.14