pkg:Maven/org.keycloak:keycloak-ldap-federation

All known vulnerabilities

• MEDIUM5.5CVE-2025-13467Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
  >= 26.3.0, < 26.4.6
• MEDIUM5.4CVE-2025-0604Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak
  >= 26.1.0, < 26.1.3
• LOW2.7CVE-2024-5967Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
  >= 25.0.0, < 25.0.1
• —Keycloak vulnerable to LDAP Injection on UsernameForm Login
  from 0, < 23.0.1