from 0, < 8.0.2
CRITICAL 9.6 CVE-2021-20195 keycloak Self Stored Cross-site Scripting vulnerability
from 0, < 13.0.0
CRITICAL 9.1 keycloak vulnerable to unauthorized login via mail server setup
from 0, < 8.0.0
HIGH 8.8 Keycloak vulnerable to Plaintext Storage of User Password
>= 22.0.2, < 22.0.3
HIGH 8.8 Authentication Bypass in keycloak
from 0, < 12.0.0
HIGH 8.8 Improper Input Validation in Keycloak
from 0, < 11.0.0
HIGH 8.8 Improper Input Validation and Cross-Site Request Forgery in Keycloak
from 0, < 7.0.0
HIGH 8.1 Improper privilege management in Keycloak
from 0, < 12.0.0
HIGH 8.1 Improper Verification of Cryptographic Signature in keycloak
from 0, < 7.0.0
HIGH 8.1 Improper Authentication in Keycloak
from 0, < 4.6.0
HIGH 8.1 Improper Authentication in org.keycloak:keycloak-core
from 0, < 2.3.0
HIGH 7.5 Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
from 0, < 15.1.0
HIGH 7.5 Keycloak vulnerable to uncontrolled resource consumption
from 0, < 1.0.3
HIGH 7.5 Keycloak vulnerable to infinite loop based Denial of Service
from 0, < 2.5.5
HIGH 7.3 Temporary Directory Hijacking Vulnerability in Keycloak
from 0, < 13.0.0
HIGH 7.2 Privilege Defined With Unsafe Actions in Keycloak
from 0, < 8.0.0
HIGH 7.1 Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
from 0, < 26.0.6
MEDIUM 6.8 Keycloak Missing authentication for critical function
from 0, <= 12.0.4
MEDIUM 6.5 Keycloak Denial of Service vulnerability
from 0, < 24.0.0
MEDIUM 6.5 Keycloak: Impersonation and lockout possible through incorrect handling of email trust
from 0, < 22.0.1
MEDIUM 6.5 Keycloak Untrusted Certificate Validation vulnerability
from 0, < 21.1.2
MEDIUM 6.5 Keycloak has lack of validation of access token on client registrations endpoint
from 0, < 20.0.3
MEDIUM 6.5 Keycloak discloses information without authentication
from 0, < 13.0.0
MEDIUM 6.5 Improper authorization in Keycloak
from 0, < 17.0.1
MEDIUM 6.5 keycloak-core discloses system properties
from 0, < 2.5.1
MEDIUM 6.1 JBoss KeyCloak Cross-site Scripting Vulnerability
from 0, < 1.1.0.Beta1
MEDIUM 6.1 Keycloak Open Redirect
from 0, <= 3.2.1.Final
MEDIUM 6.1 Cross-site Scripting in Keycloak
>= 15.0.0, < 17.0.0
MEDIUM 5.9 keycloak-core vulnerable to timing attacks against JWS token verification
from 0, < 2.5.1
MEDIUM 5.6 Exposure of Sensitive Information in keycloak
from 0, < 9.0.1
MEDIUM 5.5 Keycloak leaks sensitive information in logged exceptions
from 0, < 9.0.0
MEDIUM 5.4 Keycloak XSS via use of malicious payload as group name when creating new group from admin console
from 0, < 20.0.0
MEDIUM 5.4 Keycloak XSS via use of malicious payload as group name when creating new group from admin console
from 0, <= 16.1.0
MEDIUM 5.4 Keycloak vulnerable to Improper Certificate Validation
from 0, < 14.0.0
MEDIUM 5.4 XSS in Keycloak
from 0, < 9.0.0
MEDIUM 5.3 Keycloak vulnerable to Server-Side Request Forgery
from 0, < 13.0.0
MEDIUM 4.9 Moderate severity vulnerability that affects org.keycloak:keycloak-core
from 0, < 4.0.0
MEDIUM 4.8 Keycloak's One Time Passcode (OTP) is valid longer than expiration time
from 0, < 24.0.7
MEDIUM 4.8 Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
from 0, <= 6.0.1
MEDIUM 4.7 Keycloak users may be able to remove MFA from other users' devices
from 0, < 9.0.2
MEDIUM 4.6 keycloak-core: open redirect via "form_post.jwt" JARM response mode
from 0, < 23.0.4
MEDIUM 4.4 Keycloak Open Redirect vulnerability
from 0, < 24.0.7
MEDIUM 4.3 Keycloak has Files or Directories Accessible to External Parties
from 0, < 15.1.0
MEDIUM 4.3 Keycloak Insufficient Session Expiry
from 0, < 9.0.2
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
from 0, < 8.0.0
LOW 3.8 Keycloak allows cross-site scripting (XSS)
from 0, <= 26.1.2
LOW 3.8 Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
from 0, < 6.0.0
— Improper Restriction of Rendered UI Layers or Frames in Keycloak
from 0, <= 9.0.3
— Moderate severity vulnerability that affects org.keycloak:keycloak-core
from 0, < 3.4.2
— Moderate severity vulnerability that affects org.keycloak:keycloak-core
from 0, < 2.4.0