Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/keycloak-connect@4.7.0
Typenpm
Namespace
Namekeycloak-connect
Version4.7.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version13.0.0
Latest_non_vulnerable_version23.0.0
Affected_by_vulnerabilities
0
url VCID-13dn-ke8h-67ez
vulnerability_id VCID-13dn-ke8h-67ez
summary 
Insufficient Session Expiration
A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged-in, to see the personal information of a previously logged-out user in the account manager section.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1724
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33175
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1724
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1800527
reference_id 1800527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1800527
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1724
reference_id CVE-2020-1724
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1724
6
reference_url https://access.redhat.com/errata/RHSA-2020:2106
reference_id RHSA-2020:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2106
7
reference_url https://access.redhat.com/errata/RHSA-2020:2107
reference_id RHSA-2020:2107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2107
8
reference_url https://access.redhat.com/errata/RHSA-2020:2108
reference_id RHSA-2020:2108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2108
9
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
10
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
11
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
fixed_packages
0
url pkg:npm/keycloak-connect@9.0.2
purl pkg:npm/keycloak-connect@9.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gee-p7fr-1yhy
1
vulnerability VCID-dc8s-fqv5-1uhk
2
vulnerability VCID-wgzd-wv2e-pyhy
3
vulnerability VCID-wt2c-cyu2-kbgm
4
vulnerability VCID-xghp-f8g9-akhn
5
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.2
aliases CVE-2020-1724, GHSA-8xj2-47xw-q78c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-13dn-ke8h-67ez
1
url VCID-2qmw-afpp-7qa8
vulnerability_id VCID-2qmw-afpp-7qa8
summary 
Improper Authentication
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1718
reference_id
reference_type
scores
0
value 0.00367
scoring_system epss
scoring_elements 0.58922
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1718
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1796756
reference_id 1796756
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1796756
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1718
reference_id CVE-2020-1718
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1718
5
reference_url https://github.com/advisories/GHSA-j229-2h63-rvh9
reference_id GHSA-j229-2h63-rvh9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j229-2h63-rvh9
6
reference_url https://access.redhat.com/errata/RHSA-2020:2106
reference_id RHSA-2020:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2106
7
reference_url https://access.redhat.com/errata/RHSA-2020:2107
reference_id RHSA-2020:2107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2107
8
reference_url https://access.redhat.com/errata/RHSA-2020:2108
reference_id RHSA-2020:2108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2108
9
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
10
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
11
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
12
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
13
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
fixed_packages
0
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-cwqj-tnbj-3ubh
2
vulnerability VCID-dc8s-fqv5-1uhk
3
vulnerability VCID-wgzd-wv2e-pyhy
4
vulnerability VCID-wt2c-cyu2-kbgm
5
vulnerability VCID-wuh8-4akm-2uae
6
vulnerability VCID-xghp-f8g9-akhn
7
vulnerability VCID-y9de-4w6u-abfa
8
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
aliases CVE-2020-1718, GHSA-j229-2h63-rvh9
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qmw-afpp-7qa8
2
url VCID-9719-srgk-33dh
vulnerability_id VCID-9719-srgk-33dh
summary 
Improper Certificate Validation
The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols (`http` or `ldap`) and hence the caller should verify the signature and possibly the certification path. Keycloak currently does not validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3875
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.15078
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3875
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875
3
reference_url http://www.securityfocus.com/bid/108748
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108748
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1690628
reference_id 1690628
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1690628
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3875
reference_id CVE-2019-3875
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3875
6
reference_url https://github.com/advisories/GHSA-38cg-gg9j-q9j9
reference_id GHSA-38cg-gg9j-q9j9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-38cg-gg9j-q9j9
7
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
8
reference_url https://access.redhat.com/errata/RHSA-2020:2366
reference_id RHSA-2020:2366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2366
fixed_packages
0
url pkg:npm/keycloak-connect@7.0.0
purl pkg:npm/keycloak-connect@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-cwqj-tnbj-3ubh
3
vulnerability VCID-dc8s-fqv5-1uhk
4
vulnerability VCID-dx7u-4d6j-cfee
5
vulnerability VCID-kj7x-2shm-fqh1
6
vulnerability VCID-p1cj-f4de-1qc4
7
vulnerability VCID-rt61-271c-nkgk
8
vulnerability VCID-wgzd-wv2e-pyhy
9
vulnerability VCID-wt2c-cyu2-kbgm
10
vulnerability VCID-wuh8-4akm-2uae
11
vulnerability VCID-x24y-5nan-efg3
12
vulnerability VCID-xghp-f8g9-akhn
13
vulnerability VCID-y9de-4w6u-abfa
14
vulnerability VCID-zfgf-9455-d3fe
15
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0
aliases CVE-2019-3875, GHSA-38cg-gg9j-q9j9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9719-srgk-33dh
3
url VCID-cg94-7n2h-7fac
vulnerability_id VCID-cg94-7n2h-7fac
summary 
Improper Input Validation
It was found that Keycloak's account console did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10199
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26326
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10199
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1729261
reference_id 1729261
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1729261
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10199
reference_id CVE-2019-10199
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10199
6
reference_url https://github.com/advisories/GHSA-p5xp-6vpf-jwvh
reference_id GHSA-p5xp-6vpf-jwvh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p5xp-6vpf-jwvh
7
reference_url https://access.redhat.com/errata/RHSA-2019:2483
reference_id RHSA-2019:2483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2483
8
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
9
reference_url https://access.redhat.com/errata/RHSA-2020:2366
reference_id RHSA-2020:2366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2366
fixed_packages
0
url pkg:npm/keycloak-connect@7.0.0
purl pkg:npm/keycloak-connect@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-cwqj-tnbj-3ubh
3
vulnerability VCID-dc8s-fqv5-1uhk
4
vulnerability VCID-dx7u-4d6j-cfee
5
vulnerability VCID-kj7x-2shm-fqh1
6
vulnerability VCID-p1cj-f4de-1qc4
7
vulnerability VCID-rt61-271c-nkgk
8
vulnerability VCID-wgzd-wv2e-pyhy
9
vulnerability VCID-wt2c-cyu2-kbgm
10
vulnerability VCID-wuh8-4akm-2uae
11
vulnerability VCID-x24y-5nan-efg3
12
vulnerability VCID-xghp-f8g9-akhn
13
vulnerability VCID-y9de-4w6u-abfa
14
vulnerability VCID-zfgf-9455-d3fe
15
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0
aliases CVE-2019-10199, GHSA-p5xp-6vpf-jwvh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg94-7n2h-7fac
4
url VCID-cwqj-tnbj-3ubh
vulnerability_id VCID-cwqj-tnbj-3ubh
summary 
Information Exposure
A logged exception in the `HttpMethod` class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1698
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16104
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1698
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698
3
reference_url https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836
4
reference_url https://github.com/keycloak/keycloak/pull/6751
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/6751
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1790292
reference_id 1790292
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1790292
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1698
reference_id CVE-2020-1698
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1698
7
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
8
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
9
reference_url https://access.redhat.com/errata/RHSA-2020:5625
reference_id RHSA-2020:5625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5625
fixed_packages
0
url pkg:npm/keycloak-connect@9.0.0
purl pkg:npm/keycloak-connect@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-6gee-p7fr-1yhy
2
vulnerability VCID-dc8s-fqv5-1uhk
3
vulnerability VCID-psus-g9c1-vufx
4
vulnerability VCID-wgzd-wv2e-pyhy
5
vulnerability VCID-wt2c-cyu2-kbgm
6
vulnerability VCID-xghp-f8g9-akhn
7
vulnerability VCID-y9de-4w6u-abfa
8
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.0
aliases CVE-2020-1698, GHSA-qgmm-f2qw-r95f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwqj-tnbj-3ubh
5
url VCID-dc8s-fqv5-1uhk
vulnerability_id VCID-dc8s-fqv5-1uhk
summary 
Improper Privilege Management
It was found that Keycloak would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14389
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.3499
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14389
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1875843
reference_id 1875843
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1875843
3
reference_url https://access.redhat.com/security/cve/cve-2020-14389
reference_id CVE-2020-14389
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2020-14389
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14389
reference_id CVE-2020-14389
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14389
5
reference_url https://access.redhat.com/errata/RHSA-2020:4929
reference_id RHSA-2020:4929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4929
6
reference_url https://access.redhat.com/errata/RHSA-2020:4930
reference_id RHSA-2020:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4930
7
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
8
reference_url https://access.redhat.com/errata/RHSA-2020:4932
reference_id RHSA-2020:4932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4932
fixed_packages
0
url pkg:npm/keycloak-connect@12.0.0
purl pkg:npm/keycloak-connect@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gee-p7fr-1yhy
1
vulnerability VCID-pu4g-rbu2-nbdb
2
vulnerability VCID-wt2c-cyu2-kbgm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@12.0.0
aliases CVE-2020-14389, GHSA-c9x9-xv66-xp3v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc8s-fqv5-1uhk
6
url VCID-djda-aqxt-s3e9
vulnerability_id VCID-djda-aqxt-s3e9
summary 
Information Exposure
Keycloak allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user's browser session.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:1140
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1140
1
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3868
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.51125
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3868
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868
5
reference_url http://www.securityfocus.com/bid/108061
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108061
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1679144
reference_id 1679144
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1679144
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3868
reference_id CVE-2019-3868
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3868
8
reference_url https://github.com/advisories/GHSA-gc52-xj6p-9pxp
reference_id GHSA-gc52-xj6p-9pxp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gc52-xj6p-9pxp
9
reference_url https://access.redhat.com/errata/RHSA-2019:0856
reference_id RHSA-2019:0856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0856
10
reference_url https://access.redhat.com/errata/RHSA-2019:0857
reference_id RHSA-2019:0857
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0857
11
reference_url https://access.redhat.com/errata/RHSA-2019:0868
reference_id RHSA-2019:0868
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0868
12
reference_url https://access.redhat.com/errata/RHSA-2020:2366
reference_id RHSA-2020:2366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2366
fixed_packages
0
url pkg:npm/keycloak-connect@6.0.1
purl pkg:npm/keycloak-connect@6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-9719-srgk-33dh
3
vulnerability VCID-cg94-7n2h-7fac
4
vulnerability VCID-cwqj-tnbj-3ubh
5
vulnerability VCID-dc8s-fqv5-1uhk
6
vulnerability VCID-dx7u-4d6j-cfee
7
vulnerability VCID-p1cj-f4de-1qc4
8
vulnerability VCID-prsa-264j-mfah
9
vulnerability VCID-wgzd-wv2e-pyhy
10
vulnerability VCID-wt2c-cyu2-kbgm
11
vulnerability VCID-wuh8-4akm-2uae
12
vulnerability VCID-x24y-5nan-efg3
13
vulnerability VCID-xghp-f8g9-akhn
14
vulnerability VCID-y9de-4w6u-abfa
15
vulnerability VCID-zfgf-9455-d3fe
16
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@6.0.1
aliases CVE-2019-3868, GHSA-gc52-xj6p-9pxp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djda-aqxt-s3e9
7
url VCID-dx7u-4d6j-cfee
vulnerability_id VCID-dx7u-4d6j-cfee
summary 
Incorrect Authorization
A flaw was found in the Keycloak REST API, where it would permit user access from a realm the user, was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14832.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14832.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14832
reference_id
reference_type
scores
0
value 0.00383
scoring_system epss
scoring_elements 0.59936
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14832
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14832
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14832
3
reference_url https://github.com/keycloak/keycloak/commit/0b73685ccf3181115ae3936a578708630215ac23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/0b73685ccf3181115ae3936a578708630215ac23
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1749487
reference_id 1749487
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1749487
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14832
reference_id CVE-2019-14832
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14832
6
reference_url https://github.com/advisories/GHSA-8prc-58j4-m55q
reference_id GHSA-8prc-58j4-m55q
reference_type
scores
url https://github.com/advisories/GHSA-8prc-58j4-m55q
7
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
8
reference_url https://access.redhat.com/errata/RHSA-2020:2366
reference_id RHSA-2020:2366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2366
fixed_packages
0
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-cwqj-tnbj-3ubh
2
vulnerability VCID-dc8s-fqv5-1uhk
3
vulnerability VCID-wgzd-wv2e-pyhy
4
vulnerability VCID-wt2c-cyu2-kbgm
5
vulnerability VCID-wuh8-4akm-2uae
6
vulnerability VCID-xghp-f8g9-akhn
7
vulnerability VCID-y9de-4w6u-abfa
8
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
aliases CVE-2019-14832, GHSA-8prc-58j4-m55q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx7u-4d6j-cfee
8
url VCID-eucs-thxn-4kfv
vulnerability_id VCID-eucs-thxn-4kfv
summary 
Improper Authentication
It was found that Keycloak's Node.js adapter did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10157.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10157.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10157
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05385
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10157
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157
3
reference_url https://github.com/keycloak/keycloak-nodejs-connect/commit/55e54b55d05ba636bc125a8f3d39f0052d13f8f6
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak-nodejs-connect/commit/55e54b55d05ba636bc125a8f3d39f0052d13f8f6
4
reference_url https://snyk.io/vuln/SNYK-JS-KEYCLOAKNODEJSCONNECT-449920
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-KEYCLOAKNODEJSCONNECT-449920
5
reference_url https://www.npmjs.com/advisories/978
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/978
6
reference_url http://www.securityfocus.com/bid/108734
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108734
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1702953
reference_id 1702953
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1702953
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10157
reference_id CVE-2019-10157
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10157
9
reference_url https://github.com/advisories/GHSA-68hw-vfh7-xvg8
reference_id GHSA-68hw-vfh7-xvg8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68hw-vfh7-xvg8
fixed_packages
0
url pkg:npm/keycloak-connect@4.8.3
purl pkg:npm/keycloak-connect@4.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-9719-srgk-33dh
3
vulnerability VCID-cg94-7n2h-7fac
4
vulnerability VCID-cwqj-tnbj-3ubh
5
vulnerability VCID-dc8s-fqv5-1uhk
6
vulnerability VCID-djda-aqxt-s3e9
7
vulnerability VCID-dx7u-4d6j-cfee
8
vulnerability VCID-p1cj-f4de-1qc4
9
vulnerability VCID-prsa-264j-mfah
10
vulnerability VCID-wgzd-wv2e-pyhy
11
vulnerability VCID-wt2c-cyu2-kbgm
12
vulnerability VCID-wuh8-4akm-2uae
13
vulnerability VCID-x24y-5nan-efg3
14
vulnerability VCID-xghp-f8g9-akhn
15
vulnerability VCID-y9de-4w6u-abfa
16
vulnerability VCID-zfgf-9455-d3fe
17
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.8.3
aliases CVE-2019-10157, GHSA-68hw-vfh7-xvg8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eucs-thxn-4kfv
9
url VCID-p1cj-f4de-1qc4
vulnerability_id VCID-p1cj-f4de-1qc4
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10170
reference_id
reference_type
scores
0
value 0.00742
scoring_system epss
scoring_elements 0.73345
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10170
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1721295
reference_id 1721295
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1721295
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10170
reference_id CVE-2019-10170
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10170
6
reference_url https://github.com/advisories/GHSA-7m27-3587-83xf
reference_id GHSA-7m27-3587-83xf
reference_type
scores
url https://github.com/advisories/GHSA-7m27-3587-83xf
fixed_packages
0
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-cwqj-tnbj-3ubh
2
vulnerability VCID-dc8s-fqv5-1uhk
3
vulnerability VCID-wgzd-wv2e-pyhy
4
vulnerability VCID-wt2c-cyu2-kbgm
5
vulnerability VCID-wuh8-4akm-2uae
6
vulnerability VCID-xghp-f8g9-akhn
7
vulnerability VCID-y9de-4w6u-abfa
8
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
aliases CVE-2019-10170, GHSA-7m27-3587-83xf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1cj-f4de-1qc4
10
url VCID-prsa-264j-mfah
vulnerability_id VCID-prsa-264j-mfah
summary 
Improper Authentication
It was found that Keycloak's SAML broker did not verify missing message signatures. If an attacker modifies the SAML Response and removes the `<Signature>` sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10201
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10201
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728609
reference_id 1728609
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728609
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10201
reference_id CVE-2019-10201
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10201
5
reference_url https://github.com/advisories/GHSA-4fgq-gq9g-3rw7
reference_id GHSA-4fgq-gq9g-3rw7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fgq-gq9g-3rw7
6
reference_url https://access.redhat.com/errata/RHSA-2019:2483
reference_id RHSA-2019:2483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2483
7
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
8
reference_url https://access.redhat.com/errata/RHSA-2020:2366
reference_id RHSA-2020:2366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2366
fixed_packages
0
url pkg:npm/keycloak-connect@7.0.0
purl pkg:npm/keycloak-connect@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-cwqj-tnbj-3ubh
3
vulnerability VCID-dc8s-fqv5-1uhk
4
vulnerability VCID-dx7u-4d6j-cfee
5
vulnerability VCID-kj7x-2shm-fqh1
6
vulnerability VCID-p1cj-f4de-1qc4
7
vulnerability VCID-rt61-271c-nkgk
8
vulnerability VCID-wgzd-wv2e-pyhy
9
vulnerability VCID-wt2c-cyu2-kbgm
10
vulnerability VCID-wuh8-4akm-2uae
11
vulnerability VCID-x24y-5nan-efg3
12
vulnerability VCID-xghp-f8g9-akhn
13
vulnerability VCID-y9de-4w6u-abfa
14
vulnerability VCID-zfgf-9455-d3fe
15
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0
aliases CVE-2019-10201, GHSA-4fgq-gq9g-3rw7
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prsa-264j-mfah
11
url VCID-wgzd-wv2e-pyhy
vulnerability_id VCID-wgzd-wv2e-pyhy
summary 
Improper Restriction of Rendered UI Layers or Frames
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1728
reference_id
reference_type
scores
0
value 0.00134
scoring_system epss
scoring_elements 0.3248
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1728
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728
3
reference_url https://issues.redhat.com/browse/KEYCLOAK-12264
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-12264
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1800585
reference_id 1800585
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1800585
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1728
reference_id CVE-2020-1728
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1728
6
reference_url https://github.com/advisories/GHSA-3gg7-9q2x-79fc
reference_id GHSA-3gg7-9q2x-79fc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3gg7-9q2x-79fc
7
reference_url https://access.redhat.com/errata/RHSA-2020:3495
reference_id RHSA-2020:3495
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3495
8
reference_url https://access.redhat.com/errata/RHSA-2020:3496
reference_id RHSA-2020:3496
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3496
9
reference_url https://access.redhat.com/errata/RHSA-2020:3497
reference_id RHSA-2020:3497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3497
10
reference_url https://access.redhat.com/errata/RHSA-2020:3501
reference_id RHSA-2020:3501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3501
11
reference_url https://access.redhat.com/errata/RHSA-2020:3539
reference_id RHSA-2020:3539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3539
12
reference_url https://access.redhat.com/errata/RHSA-2020:4213
reference_id RHSA-2020:4213
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4213
13
reference_url https://access.redhat.com/errata/RHSA-2020:4252
reference_id RHSA-2020:4252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4252
fixed_packages
0
url pkg:npm/keycloak-connect@10.0.0
purl pkg:npm/keycloak-connect@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gee-p7fr-1yhy
1
vulnerability VCID-dc8s-fqv5-1uhk
2
vulnerability VCID-wt2c-cyu2-kbgm
3
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@10.0.0
aliases CVE-2020-1728, GHSA-3gg7-9q2x-79fc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgzd-wv2e-pyhy
12
url VCID-wt2c-cyu2-kbgm
vulnerability_id VCID-wt2c-cyu2-kbgm
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27838
reference_id
reference_type
scores
0
value 0.85144
scoring_system epss
scoring_elements 0.99371
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27838
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1906797
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1906797
3
reference_url https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c
4
reference_url https://github.com/keycloak/keycloak/pull/7790
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/7790
5
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
6
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27838
reference_id CVE-2020-27838
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27838
8
reference_url https://github.com/advisories/GHSA-pcv5-m2wh-66j3
reference_id GHSA-pcv5-m2wh-66j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pcv5-m2wh-66j3
fixed_packages
aliases CVE-2020-27838, GHSA-pcv5-m2wh-66j3
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wt2c-cyu2-kbgm
13
url VCID-wuh8-4akm-2uae
vulnerability_id VCID-wuh8-4akm-2uae
summary 
Cross-site Scripting
In Keycloak, links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1697
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.5192
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1697
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1791538
reference_id 1791538
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1791538
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1697
reference_id CVE-2020-1697
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1697
5
reference_url https://github.com/advisories/GHSA-8vf3-4w62-m3pq
reference_id GHSA-8vf3-4w62-m3pq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vf3-4w62-m3pq
6
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
7
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
fixed_packages
0
url pkg:npm/keycloak-connect@9.0.0
purl pkg:npm/keycloak-connect@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-6gee-p7fr-1yhy
2
vulnerability VCID-dc8s-fqv5-1uhk
3
vulnerability VCID-psus-g9c1-vufx
4
vulnerability VCID-wgzd-wv2e-pyhy
5
vulnerability VCID-wt2c-cyu2-kbgm
6
vulnerability VCID-xghp-f8g9-akhn
7
vulnerability VCID-y9de-4w6u-abfa
8
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.0
aliases CVE-2020-1697, GHSA-8vf3-4w62-m3pq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuh8-4akm-2uae
14
url VCID-x24y-5nan-efg3
vulnerability_id VCID-x24y-5nan-efg3
summary 
Improper Privilege Management
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10169.json
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10169.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10169
reference_id
reference_type
scores
0
value 0.00608
scoring_system epss
scoring_elements 0.70086
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10169
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10169
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10169
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-568797
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-568797
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1721302
reference_id 1721302
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1721302
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10169
reference_id CVE-2019-10169
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10169
7
reference_url https://github.com/advisories/GHSA-9c24-43p5-fv82
reference_id GHSA-9c24-43p5-fv82
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c24-43p5-fv82
fixed_packages
0
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-cwqj-tnbj-3ubh
2
vulnerability VCID-dc8s-fqv5-1uhk
3
vulnerability VCID-wgzd-wv2e-pyhy
4
vulnerability VCID-wt2c-cyu2-kbgm
5
vulnerability VCID-wuh8-4akm-2uae
6
vulnerability VCID-xghp-f8g9-akhn
7
vulnerability VCID-y9de-4w6u-abfa
8
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
aliases CVE-2019-10169, GHSA-9c24-43p5-fv82
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x24y-5nan-efg3
15
url VCID-xghp-f8g9-akhn
vulnerability_id VCID-xghp-f8g9-akhn
summary 
Incorrect Permission Assignment for Critical Resource
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1694
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.51179
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1694
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1790759
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1790759
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1694
reference_id CVE-2020-1694
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1694
4
reference_url https://github.com/advisories/GHSA-72j4-94rx-cr6w
reference_id GHSA-72j4-94rx-cr6w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72j4-94rx-cr6w
5
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
fixed_packages
0
url pkg:npm/keycloak-connect@10.0.0
purl pkg:npm/keycloak-connect@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gee-p7fr-1yhy
1
vulnerability VCID-dc8s-fqv5-1uhk
2
vulnerability VCID-wt2c-cyu2-kbgm
3
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@10.0.0
aliases CVE-2020-1694, GHSA-72j4-94rx-cr6w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xghp-f8g9-akhn
16
url VCID-y9de-4w6u-abfa
vulnerability_id VCID-y9de-4w6u-abfa
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50741
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
3
reference_url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
reference_id CVE-2020-10776
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
5
reference_url https://github.com/advisories/GHSA-484q-784p-8m5h
reference_id GHSA-484q-784p-8m5h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-484q-784p-8m5h
6
reference_url https://access.redhat.com/errata/RHSA-2020:4929
reference_id RHSA-2020:4929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4929
7
reference_url https://access.redhat.com/errata/RHSA-2020:4930
reference_id RHSA-2020:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4930
8
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
9
reference_url https://access.redhat.com/errata/RHSA-2020:4932
reference_id RHSA-2020:4932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4932
fixed_packages
0
url pkg:npm/keycloak-connect@12.0.0
purl pkg:npm/keycloak-connect@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gee-p7fr-1yhy
1
vulnerability VCID-pu4g-rbu2-nbdb
2
vulnerability VCID-wt2c-cyu2-kbgm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@12.0.0
aliases CVE-2020-10776, GHSA-484q-784p-8m5h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa
17
url VCID-zfgf-9455-d3fe
vulnerability_id VCID-zfgf-9455-d3fe
summary 
Information Exposure
It was found that keycloak exposes internal adapter endpoints in `org.keycloak.constants.AdapterConstants`, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14820
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54489
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14820
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1649870
reference_id 1649870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1649870
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14820
reference_id CVE-2019-14820
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14820
5
reference_url https://github.com/advisories/GHSA-xfqh-7356-vqjj
reference_id GHSA-xfqh-7356-vqjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xfqh-7356-vqjj
6
reference_url https://access.redhat.com/errata/RHSA-2019:3048
reference_id RHSA-2019:3048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3048
7
reference_url https://access.redhat.com/errata/RHSA-2019:3049
reference_id RHSA-2019:3049
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3049
8
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
fixed_packages
0
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-cwqj-tnbj-3ubh
2
vulnerability VCID-dc8s-fqv5-1uhk
3
vulnerability VCID-wgzd-wv2e-pyhy
4
vulnerability VCID-wt2c-cyu2-kbgm
5
vulnerability VCID-wuh8-4akm-2uae
6
vulnerability VCID-xghp-f8g9-akhn
7
vulnerability VCID-y9de-4w6u-abfa
8
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
aliases CVE-2019-14820, GHSA-xfqh-7356-vqjj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zfgf-9455-d3fe
18
url VCID-zkxq-ejyr-8ba8
vulnerability_id VCID-zkxq-ejyr-8ba8
summary 
Improper Handling of Exceptional Conditions
A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1744
reference_id
reference_type
scores
0
value 0.00192
scoring_system epss
scoring_elements 0.40898
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1744
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805792
reference_id 1805792
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805792
5
reference_url https://access.redhat.com/security/cve/CVE-2020-1744
reference_id CVE-2020-1744
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2020-1744
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1744
reference_id CVE-2020-1744
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1744
7
reference_url https://github.com/advisories/GHSA-4gf2-xv97-63m2
reference_id GHSA-4gf2-xv97-63m2
reference_type
scores
url https://github.com/advisories/GHSA-4gf2-xv97-63m2
8
reference_url https://access.redhat.com/errata/RHSA-2020:0945
reference_id RHSA-2020:0945
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0945
9
reference_url https://access.redhat.com/errata/RHSA-2020:0946
reference_id RHSA-2020:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0946
10
reference_url https://access.redhat.com/errata/RHSA-2020:0947
reference_id RHSA-2020:0947
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0947
11
reference_url https://access.redhat.com/errata/RHSA-2020:0951
reference_id RHSA-2020:0951
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0951
12
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
13
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
fixed_packages
0
url pkg:npm/keycloak-connect@9.0.2
purl pkg:npm/keycloak-connect@9.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gee-p7fr-1yhy
1
vulnerability VCID-dc8s-fqv5-1uhk
2
vulnerability VCID-wgzd-wv2e-pyhy
3
vulnerability VCID-wt2c-cyu2-kbgm
4
vulnerability VCID-xghp-f8g9-akhn
5
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.2
aliases CVE-2020-1744, GHSA-4gf2-xv97-63m2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkxq-ejyr-8ba8
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.7.0