| Severity | Score | CVE | Advisory | Affected versions |
|---|---|---|---|---|
| | | | | >= 7.0.0, <= 7.0.1 |
| CRITICAL | 9.1 | CVE-2022-3782 | Keycloak vulnerable to path traversal via double URL encoding | from 0, < 20.0.2 |
| HIGH | 8.8 | | Improper Authentication for Keycloak | from 0, < 8.0.0 |
| HIGH | 8.3 | | Keycloak Authentication Error | >= 7.0.0, <= 7.0.1 |
| HIGH | 8.3 | | Code injection in keycloak | >= 9.0.0, < 12.0.3 |
| HIGH | 8.1 | | Keycloak Cross-site Scripting on OpenID connect login service | from 0, < 20.0.5 |
| HIGH | 8.1 | | Keycloak Improper Bruteforce Detection | from 0, < 4.6.0.Final |
| HIGH | 7.5 | | Incorrect implementation of lockout feature in Keycloak | from 0, < 13.0.0 |
| HIGH | 7.5 | | Keycloak CSRF Vulnerability | from 0, < 3.4.0 |
| HIGH | 7.5 | | Path Traversal | from 0, < 12.0.0 |
| HIGH | 7.5 | | Allocation of Resources Without Limits or Throttling in Keycloak | from 0, < 11.0.1 |
| HIGH | 7.2 | | Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console | from 0, < 19.0.2 |
| HIGH | 7.2 | | Keycloak Oauth Implementation Error | from 0, < 3.3.0.Final |
| HIGH | 7.1 | | Keycloak insufficient session expiration | from 0, < 14.0.0 |
| MEDIUM | 6.8 | | Keycloak vulnerable to session takeover with OIDC offline refreshtokens | from 0, < 20.0.2 |
| MEDIUM | 6.1 | | Cross-site Scripting in Keycloak | from 0, < 10.0.2 |
| MEDIUM | 5.9 | | Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak | from 0, < 10.0.0 |
| MEDIUM | 5.4 | | Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles | from 0, < 19.0.2 |
| MEDIUM | 5.4 | | Keycloak Reflected XSS | from 0, < 3.4.0 |
| MEDIUM | 5.4 | | Keycloak vulnerable to cross-site scripting via the state parameter | from 0, <= 3.4.3.Final |
| MEDIUM | 5.4 | | Incorrect Authorization in keycloak | from 0, < 13.0.0 |
| MEDIUM | 5.3 | | Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | from 0, <= 26.5.0 |
| MEDIUM | 4.9 | | Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak | from 0, < 10.0.0 |
| LOW | 2.7 | | Keycloak Server-Side Request Forgery (SSRF) vulnerability | from 0, <= 26.5.2 |
| LOW | 2.7 | | Generation of Error Message Containing Sensitive Information in Keycloak | from 0, <= 7.0.1 |