Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.5.8

Type maven

Namespace ca.uhn.hapi.fhir

Name org.hl7.fhir.convertors

Version 5.5.8

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.9.0

Latest_non_vulnerable_version 6.9.0

Affected_by_vulnerabilities

url VCID-akg4-sqhf-ekb4

vulnerability_id VCID-akg4-sqhf-ekb4

summary Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.utilities.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28465

reference_id

reference_type

scores

value	0.00737
scoring_system	epss
scoring_elements	0.73252
published_at	2026-06-06T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.73247
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28465

reference_url

https://github.com/hapifhir/org.hl7.fhir.core

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/blob/b0daf666725fa14476d147522155af1e81922aac/org.hl7.fhir.r4b/src/main/java/org/hl7/fhir/r4b/terminologies/TerminologyCacheManager.java#L99-L105

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core/blob/b0daf666725fa14476d147522155af1e81922aac/org.hl7.fhir.r4b/src/main/java/org/hl7/fhir/r4b/terminologies/TerminologyCacheManager.java#L99-L105

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/pull/1162

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core/pull/1162

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/5.6.106

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/5.6.106

reference_url

https://www.smilecdr.com/our-blog

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/

url

https://www.smilecdr.com/our-blog

reference_url

https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/

url

https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-28465

reference_id

CVE-2023-28465

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28465

reference_url

https://github.com/advisories/GHSA-9654-pr4f-gh6m

reference_id

GHSA-9654-pr4f-gh6m

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/

url

https://github.com/advisories/GHSA-9654-pr4f-gh6m

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-9654-pr4f-gh6m

reference_id

GHSA-9654-pr4f-gh6m

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-9654-pr4f-gh6m

fixed_packages

url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.106

purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.106

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hhuh-bj59-zbfm

vulnerability	VCID-t9ha-qzdq-xuaf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.106

aliases CVE-2023-28465, GHSA-9654-pr4f-gh6m, GMS-2023-707, GMS-2023-708, GMS-2023-709, GMS-2023-710, GMS-2023-711, GMS-2023-712

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akg4-sqhf-ekb4

url VCID-hhuh-bj59-zbfm

vulnerability_id VCID-hhuh-bj59-zbfm

summary HAPI FHIR: hapifhir/org.hl7.fhir.core: HAPI FHIR: Information disclosure and potential impersonation via HTTP redirects sending sensitive headers

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33180

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.14677
published_at	2026-06-06T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14671
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33180

reference_url

https://github.com/hapifhir/org.hl7.fhir.core

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:44:33Z/

url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33180

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33180

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2449841
reference_id	2449841
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2449841

reference_url	https://github.com/advisories/GHSA-p7m9-v2cm-2h7m
reference_id	GHSA-p7m9-v2cm-2h7m
reference_type
scores
url	https://github.com/advisories/GHSA-p7m9-v2cm-2h7m

fixed_packages

url	pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.9.0
purl	pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.9.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.9.0

aliases CVE-2026-33180, GHSA-p7m9-v2cm-2h7m

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhuh-bj59-zbfm

url VCID-mm8m-2qys-bfdh

vulnerability_id VCID-mm8m-2qys-bfdh

summary

MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
MITM can enable Zip-Slip.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24057

reference_id

reference_type

scores

value	0.00688
scoring_system	epss
scoring_elements	0.72171
published_at	2026-06-06T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.72164
published_at	2026-06-05T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.72123
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24057

reference_url

https://github.com/hapifhir/org.hl7.fhir.core

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/commit/b50aec59124416b7315a49220cfc3999223414cc

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core/commit/b50aec59124416b7315a49220cfc3999223414cc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24057

reference_id

CVE-2023-24057

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24057

reference_url	https://github.com/advisories/GHSA-jqh6-9574-5x22
reference_id	GHSA-jqh6-9574-5x22
reference_type
scores
url	https://github.com/advisories/GHSA-jqh6-9574-5x22

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-jqh6-9574-5x22

reference_id

GHSA-jqh6-9574-5x22

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-jqh6-9574-5x22

reference_url

https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg

reference_id

GHSA-xr8x-pxm6-prjg

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-01T19:25:38Z/

url

https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg

fixed_packages

url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.92

purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.92

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-akg4-sqhf-ekb4

vulnerability	VCID-hhuh-bj59-zbfm

vulnerability	VCID-t9ha-qzdq-xuaf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.6.92

aliases CVE-2023-24057, GHSA-jqh6-9574-5x22, GMS-2023-96

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mm8m-2qys-bfdh

url VCID-t9ha-qzdq-xuaf

vulnerability_id VCID-t9ha-qzdq-xuaf

summary

HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-51132

reference_id

reference_type

scores

value	0.07937
scoring_system	epss
scoring_elements	0.92205
published_at	2026-06-06T12:55:00Z

value	0.07937
scoring_system	epss
scoring_elements	0.92207
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-51132

reference_url

https://github.com/hapifhir/org.hl7.fhir.core

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/

url

https://github.com/hapifhir/org.hl7.fhir.core

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2323897
reference_id	2323897
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2323897

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-51132

reference_id

CVE-2024-51132

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-51132

reference_url

https://github.com/JAckLosingHeart/CVE-2024-51132-POC

reference_id

CVE-2024-51132-POC

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/

url

https://github.com/JAckLosingHeart/CVE-2024-51132-POC

reference_url	https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
reference_id	GHSA-4cf2-cxp3-rjr7
reference_type
scores
url	https://github.com/advisories/GHSA-4cf2-cxp3-rjr7

reference_url	https://access.redhat.com/errata/RHSA-2024:9806
reference_id	RHSA-2024:9806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9806

fixed_packages

url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.4.0

purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hhuh-bj59-zbfm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@6.4.0

aliases CVE-2024-51132, GHSA-4cf2-cxp3-rjr7

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9ha-qzdq-xuaf

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors@5.5.8

Package Instance