GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect
High
CVE-2026-34359
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.core
(Maven)
Mar 30, 2026
FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing
Moderate
CVE-2026-34360
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.core
(Maven)
Mar 30, 2026
FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
Critical
CVE-2026-34361
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.validation
(Maven)
Mar 30, 2026
Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header
Low
CVE-2026-44242
was published
for
io.micronaut:micronaut-inject
(Maven)
May 6, 2026
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header
High
CVE-2026-44241
was published
for
io.micronaut:micronaut-context
(Maven)
May 6, 2026
Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
High
CVE-2026-42587
was published
for
io.netty:netty-codec-http
(Maven)
May 7, 2026
HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
High
CVE-2026-45367
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2
(Maven)
May 18, 2026
ProTip!
Advisories are also available from the
GraphQL API