CRITICAL · Supply chain
GHSA-2F55-G35J-5JMF
maven · ca.uhn.hapi.fhir:org.hl7.fhir.utilities
Summary
HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
References
Related vulnerabilities
- MEDIUM · GHSA-X4R9-GMW3-HXWW
  GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
- MEDIUM · GHSA-HHPQ-7WG4-36JM
  CakePHP Authentication: Open redirect weakness via backslash bypass
- CRITICAL · GHSA-8FQ9-273G-6MRG
  Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
- MEDIUM · GHSA-X2QC-CMH9-F4HF
  Deno: Denial of service via non-ASCII bytes in WebSocket response headers
- HIGH · GHSA-FXJ4-P9XP-37V5
  HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS
- CRITICAL · GHSA-X223-P2GF-V735
  Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak