Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/keycloak@15.0.2-1
Type alpm
Namespace archlinux
Name keycloak
Version 15.0.2-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 16.0.0-1
Latest_non_vulnerable_version 16.0.0-1
Affected_by_vulnerabilities
0
url VCID-3248-31p8-tyd4
vulnerability_id VCID-3248-31p8-tyd4
summary
Incorrect Authorization
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1725
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30044
published_at 2026-04-21T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30272
published_at 2026-04-04T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.3009
published_at 2026-04-18T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.3015
published_at 2026-04-08T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30186
published_at 2026-04-09T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.30188
published_at 2026-04-11T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.30145
published_at 2026-04-12T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.30095
published_at 2026-04-13T12:55:00Z
8
value 0.00115
scoring_system epss
scoring_elements 0.3011
published_at 2026-04-16T12:55:00Z
9
value 0.00115
scoring_system epss
scoring_elements 0.30193
published_at 2026-04-01T12:55:00Z
10
value 0.00115
scoring_system epss
scoring_elements 0.30223
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1725
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1765129
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1765129
3
reference_url https://issues.redhat.com/browse/KEYCLOAK-16550
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-16550
4
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1725
reference_id CVE-2020-1725
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1725
6
reference_url https://github.com/advisories/GHSA-p225-pc2x-4jpm
reference_id GHSA-p225-pc2x-4jpm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p225-pc2x-4jpm
fixed_packages
0
url pkg:alpm/archlinux/keycloak@16.0.0-1
purl pkg:alpm/archlinux/keycloak@16.0.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1
aliases CVE-2020-1725, GHSA-p225-pc2x-4jpm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3248-31p8-tyd4
1
url VCID-6ure-3hgz-xfgn
vulnerability_id VCID-6ure-3hgz-xfgn
summary
Authentication Bypass by Primary Weakness
A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14359
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49254
published_at 2026-04-21T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49183
published_at 2026-04-01T12:55:00Z
2
value 0.00259
scoring_system epss
scoring_elements 0.49215
published_at 2026-04-02T12:55:00Z
3
value 0.00259
scoring_system epss
scoring_elements 0.49243
published_at 2026-04-04T12:55:00Z
4
value 0.00259
scoring_system epss
scoring_elements 0.49194
published_at 2026-04-07T12:55:00Z
5
value 0.00259
scoring_system epss
scoring_elements 0.49249
published_at 2026-04-08T12:55:00Z
6
value 0.00259
scoring_system epss
scoring_elements 0.49246
published_at 2026-04-09T12:55:00Z
7
value 0.00259
scoring_system epss
scoring_elements 0.49263
published_at 2026-04-11T12:55:00Z
8
value 0.00259
scoring_system epss
scoring_elements 0.49236
published_at 2026-04-12T12:55:00Z
9
value 0.00259
scoring_system epss
scoring_elements 0.49241
published_at 2026-04-13T12:55:00Z
10
value 0.00259
scoring_system epss
scoring_elements 0.49288
published_at 2026-04-16T12:55:00Z
11
value 0.00259
scoring_system epss
scoring_elements 0.49284
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14359
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1868591
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1868591
3
reference_url https://github.com/keycloak/keycloak-gatekeeper
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak-gatekeeper
4
reference_url https://github.com/keycloak/keycloak/issues/12934
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/12934
5
reference_url https://issues.jboss.org/browse/KEYCLOAK-14090
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/KEYCLOAK-14090
6
reference_url https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper
7
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14359
reference_id CVE-2020-14359
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14359
9
reference_url https://github.com/advisories/GHSA-jh6m-3pqw-242h
reference_id GHSA-jh6m-3pqw-242h
reference_type
scores
url https://github.com/advisories/GHSA-jh6m-3pqw-242h
fixed_packages
0
url pkg:alpm/archlinux/keycloak@16.0.0-1
purl pkg:alpm/archlinux/keycloak@16.0.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1
aliases CVE-2020-14359, GHSA-jh6m-3pqw-242h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ure-3hgz-xfgn
2
url VCID-7nv2-691y-13a1
vulnerability_id VCID-7nv2-691y-13a1
summary keycloak: logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1723.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1723.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1723
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.36144
published_at 2026-04-01T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.36339
published_at 2026-04-02T12:55:00Z
2
value 0.00155
scoring_system epss
scoring_elements 0.36372
published_at 2026-04-04T12:55:00Z
3
value 0.00155
scoring_system epss
scoring_elements 0.36207
published_at 2026-04-07T12:55:00Z
4
value 0.00155
scoring_system epss
scoring_elements 0.36256
published_at 2026-04-08T12:55:00Z
5
value 0.00155
scoring_system epss
scoring_elements 0.36275
published_at 2026-04-09T12:55:00Z
6
value 0.00155
scoring_system epss
scoring_elements 0.3628
published_at 2026-04-11T12:55:00Z
7
value 0.00155
scoring_system epss
scoring_elements 0.36243
published_at 2026-04-12T12:55:00Z
8
value 0.00155
scoring_system epss
scoring_elements 0.36219
published_at 2026-04-13T12:55:00Z
9
value 0.00155
scoring_system epss
scoring_elements 0.36262
published_at 2026-04-16T12:55:00Z
10
value 0.00155
scoring_system epss
scoring_elements 0.36246
published_at 2026-04-18T12:55:00Z
11
value 0.00155
scoring_system epss
scoring_elements 0.36195
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1723
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1770276
reference_id 1770276
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1770276
3
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
fixed_packages
0
url pkg:alpm/archlinux/keycloak@16.0.0-1
purl pkg:alpm/archlinux/keycloak@16.0.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1
aliases CVE-2020-1723
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nv2-691y-13a1
3
url VCID-8zrg-f41g-pqfk
vulnerability_id VCID-8zrg-f41g-pqfk
summary
ECP SAML binding bypasses authentication flows
### Description
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3827
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3827
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3827
reference_id
reference_type
scores
0
value 0.00208
scoring_system epss
scoring_elements 0.43294
published_at 2026-04-16T12:55:00Z
1
value 0.00208
scoring_system epss
scoring_elements 0.43233
published_at 2026-04-13T12:55:00Z
2
value 0.00208
scoring_system epss
scoring_elements 0.43248
published_at 2026-04-12T12:55:00Z
3
value 0.00208
scoring_system epss
scoring_elements 0.4328
published_at 2026-04-11T12:55:00Z
4
value 0.00208
scoring_system epss
scoring_elements 0.4326
published_at 2026-04-09T12:55:00Z
5
value 0.00208
scoring_system epss
scoring_elements 0.43259
published_at 2026-04-04T12:55:00Z
6
value 0.00208
scoring_system epss
scoring_elements 0.43218
published_at 2026-04-21T12:55:00Z
7
value 0.00208
scoring_system epss
scoring_elements 0.43283
published_at 2026-04-18T12:55:00Z
8
value 0.00208
scoring_system epss
scoring_elements 0.43174
published_at 2026-04-01T12:55:00Z
9
value 0.00208
scoring_system epss
scoring_elements 0.4323
published_at 2026-04-02T12:55:00Z
10
value 0.00208
scoring_system epss
scoring_elements 0.43247
published_at 2026-04-08T12:55:00Z
11
value 0.00208
scoring_system epss
scoring_elements 0.43196
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3827
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2007512
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2007512
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3827
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3827
7
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
8
reference_url https://github.com/advisories/GHSA-4pc7-vqv5-5r3v
reference_id GHSA-4pc7-vqv5-5r3v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pc7-vqv5-5r3v
9
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
reference_id GHSA-4pc7-vqv5-5r3v
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
10
reference_url https://access.redhat.com/errata/RHSA-2022:0151
reference_id RHSA-2022:0151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0151
11
reference_url https://access.redhat.com/errata/RHSA-2022:0152
reference_id RHSA-2022:0152
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0152
12
reference_url https://access.redhat.com/errata/RHSA-2022:0155
reference_id RHSA-2022:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0155
13
reference_url https://access.redhat.com/errata/RHSA-2022:0164
reference_id RHSA-2022:0164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0164
fixed_packages
0
url pkg:alpm/archlinux/keycloak@16.0.0-1
purl pkg:alpm/archlinux/keycloak@16.0.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1
aliases CVE-2021-3827, GHSA-4pc7-vqv5-5r3v, GMS-2022-1098
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zrg-f41g-pqfk
4
url VCID-98yf-g4d3-u3g8
vulnerability_id VCID-98yf-g4d3-u3g8
summary
Keycloak is vulnerable to IDN homograph attack
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3424
reference_id
reference_type
scores
0
value 0.00164
scoring_system epss
scoring_elements 0.37248
published_at 2026-04-21T12:55:00Z
1
value 0.00164
scoring_system epss
scoring_elements 0.37261
published_at 2026-04-07T12:55:00Z
2
value 0.00164
scoring_system epss
scoring_elements 0.37312
published_at 2026-04-08T12:55:00Z
3
value 0.00164
scoring_system epss
scoring_elements 0.37324
published_at 2026-04-09T12:55:00Z
4
value 0.00164
scoring_system epss
scoring_elements 0.37335
published_at 2026-04-11T12:55:00Z
5
value 0.00164
scoring_system epss
scoring_elements 0.37301
published_at 2026-04-12T12:55:00Z
6
value 0.00164
scoring_system epss
scoring_elements 0.37273
published_at 2026-04-13T12:55:00Z
7
value 0.00164
scoring_system epss
scoring_elements 0.3732
published_at 2026-04-16T12:55:00Z
8
value 0.00164
scoring_system epss
scoring_elements 0.37303
published_at 2026-04-18T12:55:00Z
9
value 0.00164
scoring_system epss
scoring_elements 0.37242
published_at 2026-04-01T12:55:00Z
10
value 0.00164
scoring_system epss
scoring_elements 0.37408
published_at 2026-04-02T12:55:00Z
11
value 0.00164
scoring_system epss
scoring_elements 0.37432
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3424
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1933320
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1933320
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3424
reference_id CVE-2021-3424
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3424
6
reference_url https://github.com/advisories/GHSA-pf38-cw3p-22q9
reference_id GHSA-pf38-cw3p-22q9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pf38-cw3p-22q9
7
reference_url https://access.redhat.com/errata/RHSA-2021:2063
reference_id RHSA-2021:2063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2063
8
reference_url https://access.redhat.com/errata/RHSA-2021:2064
reference_id RHSA-2021:2064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2064
9
reference_url https://access.redhat.com/errata/RHSA-2021:2065
reference_id RHSA-2021:2065
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2065
10
reference_url https://access.redhat.com/errata/RHSA-2021:2070
reference_id RHSA-2021:2070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2070
fixed_packages
0
url pkg:alpm/archlinux/keycloak@16.0.0-1
purl pkg:alpm/archlinux/keycloak@16.0.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1
aliases CVE-2021-3424, GHSA-pf38-cw3p-22q9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98yf-g4d3-u3g8
5
url VCID-d1ua-u2v7-jqf8
vulnerability_id VCID-d1ua-u2v7-jqf8
summary
Keycloak Missing authentication for critical function
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20262.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20262.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20262
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13424
published_at 2026-04-21T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13547
published_at 2026-04-09T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13521
published_at 2026-04-11T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13483
published_at 2026-04-12T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13437
published_at 2026-04-13T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.1335
published_at 2026-04-16T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.13348
published_at 2026-04-18T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.13458
published_at 2026-04-01T12:55:00Z
8
value 0.00044
scoring_system epss
scoring_elements 0.13558
published_at 2026-04-02T12:55:00Z
9
value 0.00044
scoring_system epss
scoring_elements 0.1362
published_at 2026-04-04T12:55:00Z
10
value 0.00044
scoring_system epss
scoring_elements 0.13417
published_at 2026-04-07T12:55:00Z
11
value 0.00044
scoring_system epss
scoring_elements 0.13499
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20262
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1933639
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1933639
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20262
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20262
4
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
5
reference_url https://github.com/advisories/GHSA-xf46-8vvp-4hxx
reference_id GHSA-xf46-8vvp-4hxx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xf46-8vvp-4hxx
fixed_packages
0
url pkg:alpm/archlinux/keycloak@16.0.0-1
purl pkg:alpm/archlinux/keycloak@16.0.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1
aliases CVE-2021-20262, GHSA-xf46-8vvp-4hxx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1ua-u2v7-jqf8
6
url VCID-gndk-728r-9yh7
vulnerability_id VCID-gndk-728r-9yh7
summary
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3632
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
reference_id
reference_type
scores
0
value 0.00503
scoring_system epss
scoring_elements 0.66125
published_at 2026-04-21T12:55:00Z
1
value 0.00503
scoring_system epss
scoring_elements 0.66012
published_at 2026-04-01T12:55:00Z
2
value 0.00503
scoring_system epss
scoring_elements 0.66055
published_at 2026-04-02T12:55:00Z
3
value 0.00503
scoring_system epss
scoring_elements 0.66083
published_at 2026-04-04T12:55:00Z
4
value 0.00503
scoring_system epss
scoring_elements 0.66049
published_at 2026-04-07T12:55:00Z
5
value 0.00503
scoring_system epss
scoring_elements 0.66098
published_at 2026-04-08T12:55:00Z
6
value 0.00503
scoring_system epss
scoring_elements 0.6611
published_at 2026-04-09T12:55:00Z
7
value 0.00503
scoring_system epss
scoring_elements 0.66129
published_at 2026-04-11T12:55:00Z
8
value 0.00503
scoring_system epss
scoring_elements 0.66117
published_at 2026-04-12T12:55:00Z
9
value 0.00503
scoring_system epss
scoring_elements 0.66087
published_at 2026-04-13T12:55:00Z
10
value 0.00503
scoring_system epss
scoring_elements 0.66123
published_at 2026-04-16T12:55:00Z
11
value 0.00503
scoring_system epss
scoring_elements 0.66137
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
6
reference_url https://github.com/keycloak/keycloak/pull/8203
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/8203
7
reference_url https://issues.redhat.com/browse/KEYCLOAK-18500
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-18500
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
9
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
10
reference_url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
reference_id GHSA-qpq9-jpv4-6gwr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
11
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
12
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
13
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
14
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:alpm/archlinux/keycloak@16.0.0-1
purl pkg:alpm/archlinux/keycloak@16.0.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1
aliases CVE-2021-3632, GHSA-qpq9-jpv4-6gwr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gndk-728r-9yh7
7
url VCID-hp5p-7wxk-v3eu
vulnerability_id VCID-hp5p-7wxk-v3eu
summary
Cross-Site Request Forgery (CSRF)
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10734.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10734.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10734
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05335
published_at 2026-04-21T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05137
published_at 2026-04-01T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05184
published_at 2026-04-02T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05213
published_at 2026-04-04T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05236
published_at 2026-04-07T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05271
published_at 2026-04-08T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05291
published_at 2026-04-09T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05259
published_at 2026-04-11T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05243
published_at 2026-04-12T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05231
published_at 2026-04-13T12:55:00Z
10
value 0.0002
scoring_system epss
scoring_elements 0.05176
published_at 2026-04-16T12:55:00Z
11
value 0.0002
scoring_system epss
scoring_elements 0.0518
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10734
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1831662
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1831662
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://issues.redhat.com/browse/KEYCLOAK-13653
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-13653
5
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10734
reference_id CVE-2020-10734
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10734
7
reference_url https://github.com/advisories/GHSA-rvjg-gxwx-j5gf
reference_id GHSA-rvjg-gxwx-j5gf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rvjg-gxwx-j5gf
8
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-rvjg-gxwx-j5gf
reference_id GHSA-rvjg-gxwx-j5gf
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-rvjg-gxwx-j5gf
fixed_packages
0
url pkg:alpm/archlinux/keycloak@16.0.0-1
purl pkg:alpm/archlinux/keycloak@16.0.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1
aliases CVE-2020-10734, GHSA-rvjg-gxwx-j5gf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hp5p-7wxk-v3eu
8
url VCID-jprv-e2zb-v7bb
vulnerability_id VCID-jprv-e2zb-v7bb
summary
Generation of Error Message Containing Sensitive Information
A flaw was found in Keycloak 7.0.1. A logged-in user can perform an account email enumeration attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1717
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.39961
published_at 2026-04-21T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.39997
published_at 2026-04-07T12:55:00Z
2
value 0.00183
scoring_system epss
scoring_elements 0.4005
published_at 2026-04-08T12:55:00Z
3
value 0.00183
scoring_system epss
scoring_elements 0.40064
published_at 2026-04-09T12:55:00Z
4
value 0.00183
scoring_system epss
scoring_elements 0.40075
published_at 2026-04-11T12:55:00Z
5
value 0.00183
scoring_system epss
scoring_elements 0.40038
published_at 2026-04-12T12:55:00Z
6
value 0.00183
scoring_system epss
scoring_elements 0.40018
published_at 2026-04-13T12:55:00Z
7
value 0.00183
scoring_system epss
scoring_elements 0.40068
published_at 2026-04-16T12:55:00Z
8
value 0.00183
scoring_system epss
scoring_elements 0.40039
published_at 2026-04-18T12:55:00Z
9
value 0.00183
scoring_system epss
scoring_elements 0.39902
published_at 2026-04-01T12:55:00Z
10
value 0.00183
scoring_system epss
scoring_elements 0.40049
published_at 2026-04-02T12:55:00Z
11
value 0.00183
scoring_system epss
scoring_elements 0.40076
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1717
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1796281
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1796281
3
reference_url https://issues.jboss.org/browse/KEYCLOAK-12014
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/KEYCLOAK-12014
4
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1717
reference_id CVE-2020-1717
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1717
6
reference_url https://github.com/advisories/GHSA-rvfc-g8j5-9ccf
reference_id GHSA-rvfc-g8j5-9ccf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rvfc-g8j5-9ccf
fixed_packages
0
url pkg:alpm/archlinux/keycloak@16.0.0-1
purl pkg:alpm/archlinux/keycloak@16.0.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1
aliases CVE-2020-1717, GHSA-rvfc-g8j5-9ccf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jprv-e2zb-v7bb
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@15.0.2-1