Security Advisories

Responsible vulnerability disclosures from our security research.

As part of our security research, we identify and responsibly disclose vulnerabilities in software used in healthcare and critical infrastructure. We work closely with vendors to ensure issues are resolved before publication. Each advisory below documents a confirmed vulnerability along with its impact and recommended mitigation.

ePA-VAU client research

Several advisories below belong to a recurring weakness pattern in lib-vau-based ePA client implementations. We collected them on one page.

View ePA-VAU summary
14 Critical25 High5 Medium44 total

mercure

DICOM Orchestrator

4 Critical5 High1 Medium

Orthanc

PACS / DICOM Server

3 Critical6 High

gematik

German Healthcare Infrastructure

1 Critical3 High1 Medium

fbeta GmbH

ePA3-Service (DiGA-Konnektormodul)

1 Critical2 High1 Medium

OpenReception

Appointment Booking Software

1 Critical1 High

DCMTK

OFFIS DICOM Toolkit

1 Critical

OpenMRS

Electronic Medical Record Platform

1 Critical

pydicom

DICOM Networking Library

1 Critical

SENAITE

Laboratory Information Management System (LIMS)

1 Critical

Oviva

ePA Client (Elektronische Patientenakte)

3 High1 Medium

med-united

ePA-Middleware (Primärsystem)

2 High

Techniker Krankenkasse

GKV SECON Reference Implementation

1 High1 Medium

OHIF

Web-Based DICOM Viewer

1 High

Robert Koch Institut (RKI)

Metadata Exchange Platform

1 High