Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.3.7
Typemaven
Namespaceca.uhn.hapi.fhir
Nameorg.hl7.fhir.convertors
Version5.3.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.9.0
Latest_non_vulnerable_version6.9.0
Affected_by_vulnerabilities
0
url VCID-akg4-sqhf-ekb4
vulnerability_id VCID-akg4-sqhf-ekb4
summary Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.utilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28465
reference_id
reference_type
scores
0
value 0.00737
scoring_system epss
scoring_elements 0.73247
published_at 2026-06-05T12:55:00Z
1
value 0.00737
scoring_system epss
scoring_elements 0.73245
published_at 2026-06-09T12:55:00Z
2
value 0.00737
scoring_system epss
scoring_elements 0.73222
published_at 2026-06-08T12:55:00Z
3
value 0.00737
scoring_system epss
scoring_elements 0.73234
published_at 2026-06-07T12:55:00Z
4
value 0.00737
scoring_system epss
scoring_elements 0.73252
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28465
1
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core/blob/b0daf666725fa14476d147522155af1e81922aac/org.hl7.fhir.r4b/src/main/java/org/hl7/fhir/r4b/terminologies/TerminologyCacheManager.java#L99-L105
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/blob/b0daf666725fa14476d147522155af1e81922aac/org.hl7.fhir.r4b/src/main/java/org/hl7/fhir/r4b/terminologies/TerminologyCacheManager.java#L99-L105
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/pull/1162
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/pull/1162
4
reference_url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/5.6.106
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/5.6.106
5
reference_url https://www.smilecdr.com/our-blog
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/
url https://www.smilecdr.com/our-blog
6
reference_url https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/
url https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28465
reference_id CVE-2023-28465
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28465
8
reference_url https://github.com/advisories/GHSA-9654-pr4f-gh6m
reference_id GHSA-9654-pr4f-gh6m
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/
url https://github.com/advisories/GHSA-9654-pr4f-gh6m
9
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-9654-pr4f-gh6m
reference_id GHSA-9654-pr4f-gh6m
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-9654-pr4f-gh6m
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.106
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.106
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hhuh-bj59-zbfm
1
vulnerability VCID-t9ha-qzdq-xuaf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.106
aliases CVE-2023-28465, GHSA-9654-pr4f-gh6m, GMS-2023-707, GMS-2023-708, GMS-2023-709, GMS-2023-710, GMS-2023-711, GMS-2023-712
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akg4-sqhf-ekb4
1
url VCID-hhuh-bj59-zbfm
vulnerability_id VCID-hhuh-bj59-zbfm
summary HAPI FHIR: hapifhir/org.hl7.fhir.core: HAPI FHIR: Information disclosure and potential impersonation via HTTP redirects sending sensitive headers
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33180
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14575
published_at 2026-06-09T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14671
published_at 2026-06-05T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.14677
published_at 2026-06-06T12:55:00Z
3
value 0.00046
scoring_system epss
scoring_elements 0.14635
published_at 2026-06-07T12:55:00Z
4
value 0.00046
scoring_system epss
scoring_elements 0.14552
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33180
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:44:33Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33180
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33180
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2449841
reference_id 2449841
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2449841
6
reference_url https://github.com/advisories/GHSA-p7m9-v2cm-2h7m
reference_id GHSA-p7m9-v2cm-2h7m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p7m9-v2cm-2h7m
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.9.0
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.9.0
aliases CVE-2026-33180, GHSA-p7m9-v2cm-2h7m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhuh-bj59-zbfm
2
url VCID-mm8m-2qys-bfdh
vulnerability_id VCID-mm8m-2qys-bfdh
summary 
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
MITM can enable Zip-Slip.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24057
reference_id
reference_type
scores
0
value 0.00688
scoring_system epss
scoring_elements 0.72162
published_at 2026-06-09T12:55:00Z
1
value 0.00688
scoring_system epss
scoring_elements 0.72123
published_at 2026-06-04T12:55:00Z
2
value 0.00688
scoring_system epss
scoring_elements 0.72164
published_at 2026-06-05T12:55:00Z
3
value 0.00688
scoring_system epss
scoring_elements 0.72171
published_at 2026-06-06T12:55:00Z
4
value 0.00688
scoring_system epss
scoring_elements 0.7215
published_at 2026-06-07T12:55:00Z
5
value 0.00688
scoring_system epss
scoring_elements 0.72136
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24057
1
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core/commit/b50aec59124416b7315a49220cfc3999223414cc
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/commit/b50aec59124416b7315a49220cfc3999223414cc
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24057
reference_id CVE-2023-24057
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24057
4
reference_url https://github.com/advisories/GHSA-jqh6-9574-5x22
reference_id GHSA-jqh6-9574-5x22
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jqh6-9574-5x22
5
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-jqh6-9574-5x22
reference_id GHSA-jqh6-9574-5x22
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-jqh6-9574-5x22
6
reference_url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg
reference_id GHSA-xr8x-pxm6-prjg
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-01T19:25:38Z/
url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.92
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.92
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-akg4-sqhf-ekb4
1
vulnerability VCID-hhuh-bj59-zbfm
2
vulnerability VCID-t9ha-qzdq-xuaf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.92
aliases CVE-2023-24057, GHSA-jqh6-9574-5x22, GMS-2023-96
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mm8m-2qys-bfdh
3
url VCID-t9ha-qzdq-xuaf
vulnerability_id VCID-t9ha-qzdq-xuaf
summary 
HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51132
reference_id
reference_type
scores
0
value 0.07937
scoring_system epss
scoring_elements 0.92218
published_at 2026-06-09T12:55:00Z
1
value 0.07937
scoring_system epss
scoring_elements 0.92204
published_at 2026-06-08T12:55:00Z
2
value 0.07937
scoring_system epss
scoring_elements 0.92207
published_at 2026-06-05T12:55:00Z
3
value 0.07937
scoring_system epss
scoring_elements 0.92203
published_at 2026-06-07T12:55:00Z
4
value 0.07937
scoring_system epss
scoring_elements 0.92205
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51132
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/
url https://github.com/hapifhir/org.hl7.fhir.core
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2323897
reference_id 2323897
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2323897
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51132
reference_id CVE-2024-51132
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51132
6
reference_url https://github.com/JAckLosingHeart/CVE-2024-51132-POC
reference_id CVE-2024-51132-POC
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/
url https://github.com/JAckLosingHeart/CVE-2024-51132-POC
7
reference_url https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
reference_id GHSA-4cf2-cxp3-rjr7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
8
reference_url https://access.redhat.com/errata/RHSA-2024:9806
reference_id RHSA-2024:9806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9806
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.4.0
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hhuh-bj59-zbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.4.0
aliases CVE-2024-51132, GHSA-4cf2-cxp3-rjr7
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9ha-qzdq-xuaf
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.3.7