Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-parent@12.0.0
Type maven
Namespace org.keycloak
Name keycloak-parent
Version 12.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-14c3-xa9j-mbab
vulnerability_id VCID-14c3-xa9j-mbab
summary
Incorrect implementation of lockout feature in Keycloak
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3513
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3513
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42201
published_at 2026-04-18T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42238
published_at 2026-04-11T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42214
published_at 2026-04-09T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.42189
published_at 2026-04-02T12:55:00Z
4
value 0.00201
scoring_system epss
scoring_elements 0.42225
published_at 2026-04-16T12:55:00Z
5
value 0.00201
scoring_system epss
scoring_elements 0.42174
published_at 2026-04-13T12:55:00Z
6
value 0.00201
scoring_system epss
scoring_elements 0.42156
published_at 2026-04-07T12:55:00Z
7
value 0.00201
scoring_system epss
scoring_elements 0.42216
published_at 2026-04-04T12:55:00Z
8
value 0.00201
scoring_system epss
scoring_elements 0.42207
published_at 2026-04-08T12:55:00Z
9
value 0.00201
scoring_system epss
scoring_elements 0.4213
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3513
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1953439
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1953439
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/pull/7976
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/7976
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3513
7
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
8
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
9
reference_url https://github.com/advisories/GHSA-xv7h-95r7-595j
reference_id GHSA-xv7h-95r7-595j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv7h-95r7-595j
10
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
11
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
12
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
13
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@13.0.0
purl pkg:maven/org.keycloak/keycloak-parent@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-7z49-f322-n7g8
2
vulnerability VCID-8cmx-d3j7-vqbz
3
vulnerability VCID-8zrg-f41g-pqfk
4
vulnerability VCID-cabc-jrpz-vuad
5
vulnerability VCID-dxj3-8sk5-mfdy
6
vulnerability VCID-gndk-728r-9yh7
7
vulnerability VCID-jkh6-bvx2-dycm
8
vulnerability VCID-nhe2-8dtq-gqbf
9
vulnerability VCID-u3tj-vmem-jbb9
10
vulnerability VCID-umcf-t6w5-juha
11
vulnerability VCID-xauc-r9cm-sycu
12
vulnerability VCID-xdfe-9zr4-47ax
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0
aliases CVE-2021-3513, GHSA-xv7h-95r7-595j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14c3-xa9j-mbab
1
url VCID-3248-31p8-tyd4
vulnerability_id VCID-3248-31p8-tyd4
summary
Incorrect Authorization
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1725
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.3011
published_at 2026-04-16T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30188
published_at 2026-04-11T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.30272
published_at 2026-04-04T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.3009
published_at 2026-04-18T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.3015
published_at 2026-04-08T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.30186
published_at 2026-04-09T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.30145
published_at 2026-04-12T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.30193
published_at 2026-04-01T12:55:00Z
8
value 0.00115
scoring_system epss
scoring_elements 0.30095
published_at 2026-04-13T12:55:00Z
9
value 0.00115
scoring_system epss
scoring_elements 0.30223
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1725
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1765129
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1765129
3
reference_url https://issues.redhat.com/browse/KEYCLOAK-16550
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-16550
4
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1725
reference_id CVE-2020-1725
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1725
6
reference_url https://github.com/advisories/GHSA-p225-pc2x-4jpm
reference_id GHSA-p225-pc2x-4jpm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p225-pc2x-4jpm
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@13.0.0
purl pkg:maven/org.keycloak/keycloak-parent@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-7z49-f322-n7g8
2
vulnerability VCID-8cmx-d3j7-vqbz
3
vulnerability VCID-8zrg-f41g-pqfk
4
vulnerability VCID-cabc-jrpz-vuad
5
vulnerability VCID-dxj3-8sk5-mfdy
6
vulnerability VCID-gndk-728r-9yh7
7
vulnerability VCID-jkh6-bvx2-dycm
8
vulnerability VCID-nhe2-8dtq-gqbf
9
vulnerability VCID-u3tj-vmem-jbb9
10
vulnerability VCID-umcf-t6w5-juha
11
vulnerability VCID-xauc-r9cm-sycu
12
vulnerability VCID-xdfe-9zr4-47ax
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0
aliases CVE-2020-1725, GHSA-p225-pc2x-4jpm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3248-31p8-tyd4
2
url VCID-3jpe-awam-wqdz
vulnerability_id VCID-3jpe-awam-wqdz
summary
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-0707
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://access.redhat.com/security/cve/CVE-2026-0707
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0707
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08113
published_at 2026-04-18T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08248
published_at 2026-04-04T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08196
published_at 2026-04-07T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.0826
published_at 2026-04-08T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.0828
published_at 2026-04-09T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.0827
published_at 2026-04-11T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08251
published_at 2026-04-12T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08233
published_at 2026-04-13T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.08127
published_at 2026-04-16T12:55:00Z
9
value 0.00029
scoring_system epss
scoring_elements 0.08195
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0707
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427768
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2427768
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0707
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0707
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
9
reference_url https://github.com/advisories/GHSA-gv94-wp4h-vv8p
reference_id GHSA-gv94-wp4h-vv8p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gv94-wp4h-vv8p
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@26.5.1
purl pkg:maven/org.keycloak/keycloak-parent@26.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jkh6-bvx2-dycm
1
vulnerability VCID-umcf-t6w5-juha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.1
aliases CVE-2026-0707, GHSA-gv94-wp4h-vv8p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3jpe-awam-wqdz
3
url VCID-546n-kc1p-cyhm
vulnerability_id VCID-546n-kc1p-cyhm
summary
Code injection in keycloak
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20222.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20222.json
1
reference_url https://access.redhat.com/security/cve/cve-2021-20222
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2021-20222
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20222
reference_id
reference_type
scores
0
value 0.0044
scoring_system epss
scoring_elements 0.63236
published_at 2026-04-11T12:55:00Z
1
value 0.0044
scoring_system epss
scoring_elements 0.63227
published_at 2026-04-18T12:55:00Z
2
value 0.0044
scoring_system epss
scoring_elements 0.63185
published_at 2026-04-04T12:55:00Z
3
value 0.0044
scoring_system epss
scoring_elements 0.6315
published_at 2026-04-07T12:55:00Z
4
value 0.0044
scoring_system epss
scoring_elements 0.63202
published_at 2026-04-08T12:55:00Z
5
value 0.0044
scoring_system epss
scoring_elements 0.63219
published_at 2026-04-16T12:55:00Z
6
value 0.0044
scoring_system epss
scoring_elements 0.63221
published_at 2026-04-12T12:55:00Z
7
value 0.0044
scoring_system epss
scoring_elements 0.63096
published_at 2026-04-01T12:55:00Z
8
value 0.0044
scoring_system epss
scoring_elements 0.63184
published_at 2026-04-13T12:55:00Z
9
value 0.0044
scoring_system epss
scoring_elements 0.63155
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20222
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1924606
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1924606
4
reference_url https://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20222
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20222
6
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
7
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
8
reference_url https://github.com/advisories/GHSA-2mq8-99q7-55wx
reference_id GHSA-2mq8-99q7-55wx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mq8-99q7-55wx
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@12.0.3
purl pkg:maven/org.keycloak/keycloak-parent@12.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14c3-xa9j-mbab
1
vulnerability VCID-3248-31p8-tyd4
2
vulnerability VCID-3jpe-awam-wqdz
3
vulnerability VCID-546n-kc1p-cyhm
4
vulnerability VCID-6ure-3hgz-xfgn
5
vulnerability VCID-7z49-f322-n7g8
6
vulnerability VCID-8cmx-d3j7-vqbz
7
vulnerability VCID-8zrg-f41g-pqfk
8
vulnerability VCID-cabc-jrpz-vuad
9
vulnerability VCID-dxj3-8sk5-mfdy
10
vulnerability VCID-gndk-728r-9yh7
11
vulnerability VCID-jkh6-bvx2-dycm
12
vulnerability VCID-nhe2-8dtq-gqbf
13
vulnerability VCID-u3tj-vmem-jbb9
14
vulnerability VCID-umcf-t6w5-juha
15
vulnerability VCID-xauc-r9cm-sycu
16
vulnerability VCID-xdfe-9zr4-47ax
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.3
1
url pkg:maven/org.keycloak/keycloak-parent@13.0.0
purl pkg:maven/org.keycloak/keycloak-parent@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-7z49-f322-n7g8
2
vulnerability VCID-8cmx-d3j7-vqbz
3
vulnerability VCID-8zrg-f41g-pqfk
4
vulnerability VCID-cabc-jrpz-vuad
5
vulnerability VCID-dxj3-8sk5-mfdy
6
vulnerability VCID-gndk-728r-9yh7
7
vulnerability VCID-jkh6-bvx2-dycm
8
vulnerability VCID-nhe2-8dtq-gqbf
9
vulnerability VCID-u3tj-vmem-jbb9
10
vulnerability VCID-umcf-t6w5-juha
11
vulnerability VCID-xauc-r9cm-sycu
12
vulnerability VCID-xdfe-9zr4-47ax
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0
aliases CVE-2021-20222, GHSA-2mq8-99q7-55wx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-546n-kc1p-cyhm
4
url VCID-6ure-3hgz-xfgn
vulnerability_id VCID-6ure-3hgz-xfgn
summary
Authentication Bypass by Primary Weakness
A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14359
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49284
published_at 2026-04-18T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49183
published_at 2026-04-01T12:55:00Z
2
value 0.00259
scoring_system epss
scoring_elements 0.49215
published_at 2026-04-02T12:55:00Z
3
value 0.00259
scoring_system epss
scoring_elements 0.49243
published_at 2026-04-04T12:55:00Z
4
value 0.00259
scoring_system epss
scoring_elements 0.49194
published_at 2026-04-07T12:55:00Z
5
value 0.00259
scoring_system epss
scoring_elements 0.49249
published_at 2026-04-08T12:55:00Z
6
value 0.00259
scoring_system epss
scoring_elements 0.49246
published_at 2026-04-09T12:55:00Z
7
value 0.00259
scoring_system epss
scoring_elements 0.49263
published_at 2026-04-11T12:55:00Z
8
value 0.00259
scoring_system epss
scoring_elements 0.49236
published_at 2026-04-12T12:55:00Z
9
value 0.00259
scoring_system epss
scoring_elements 0.49241
published_at 2026-04-13T12:55:00Z
10
value 0.00259
scoring_system epss
scoring_elements 0.49288
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14359
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1868591
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1868591
3
reference_url https://github.com/keycloak/keycloak-gatekeeper
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak-gatekeeper
4
reference_url https://github.com/keycloak/keycloak/issues/12934
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/12934
5
reference_url https://issues.jboss.org/browse/KEYCLOAK-14090
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/KEYCLOAK-14090
6
reference_url https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper
7
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14359
reference_id CVE-2020-14359
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14359
9
reference_url https://github.com/advisories/GHSA-jh6m-3pqw-242h
reference_id GHSA-jh6m-3pqw-242h
reference_type
scores
url https://github.com/advisories/GHSA-jh6m-3pqw-242h
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@13.0.0
purl pkg:maven/org.keycloak/keycloak-parent@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-7z49-f322-n7g8
2
vulnerability VCID-8cmx-d3j7-vqbz
3
vulnerability VCID-8zrg-f41g-pqfk
4
vulnerability VCID-cabc-jrpz-vuad
5
vulnerability VCID-dxj3-8sk5-mfdy
6
vulnerability VCID-gndk-728r-9yh7
7
vulnerability VCID-jkh6-bvx2-dycm
8
vulnerability VCID-nhe2-8dtq-gqbf
9
vulnerability VCID-u3tj-vmem-jbb9
10
vulnerability VCID-umcf-t6w5-juha
11
vulnerability VCID-xauc-r9cm-sycu
12
vulnerability VCID-xdfe-9zr4-47ax
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0
aliases CVE-2020-14359, GHSA-jh6m-3pqw-242h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ure-3hgz-xfgn
5
url VCID-7z49-f322-n7g8
vulnerability_id VCID-7z49-f322-n7g8
summary
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the `UPLOAD_SCRIPTS` feature is disabled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json
1
reference_url https://access.redhat.com/security/cve/CVE-2022-2668
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2022-2668
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2668
reference_id
reference_type
scores
0
value 0.00473
scoring_system epss
scoring_elements 0.64744
published_at 2026-04-18T12:55:00Z
1
value 0.00473
scoring_system epss
scoring_elements 0.6467
published_at 2026-04-02T12:55:00Z
2
value 0.00473
scoring_system epss
scoring_elements 0.64698
published_at 2026-04-04T12:55:00Z
3
value 0.00473
scoring_system epss
scoring_elements 0.64656
published_at 2026-04-07T12:55:00Z
4
value 0.00473
scoring_system epss
scoring_elements 0.64704
published_at 2026-04-08T12:55:00Z
5
value 0.00473
scoring_system epss
scoring_elements 0.64719
published_at 2026-04-09T12:55:00Z
6
value 0.00473
scoring_system epss
scoring_elements 0.64736
published_at 2026-04-11T12:55:00Z
7
value 0.00473
scoring_system epss
scoring_elements 0.64724
published_at 2026-04-12T12:55:00Z
8
value 0.00473
scoring_system epss
scoring_elements 0.64696
published_at 2026-04-13T12:55:00Z
9
value 0.00473
scoring_system epss
scoring_elements 0.64733
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2668
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2115392
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2115392
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c
6
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2668
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2668
8
reference_url https://github.com/advisories/GHSA-wf7g-7h6h-678v
reference_id GHSA-wf7g-7h6h-678v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wf7g-7h6h-678v
9
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
10
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
11
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
12
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
13
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
14
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
15
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@19.0.2
purl pkg:maven/org.keycloak/keycloak-parent@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-dxj3-8sk5-mfdy
2
vulnerability VCID-jkh6-bvx2-dycm
3
vulnerability VCID-nhe2-8dtq-gqbf
4
vulnerability VCID-umcf-t6w5-juha
5
vulnerability VCID-xauc-r9cm-sycu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2
aliases CVE-2022-2668, GHSA-wf7g-7h6h-678v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7z49-f322-n7g8
6
url VCID-8cmx-d3j7-vqbz
vulnerability_id VCID-8cmx-d3j7-vqbz
summary
Reflected XSS on clients-registrations endpoint
A POST-based reflected cross-site scripting vulnerability has been identified in Keycloak. When a malicious request is sent to the client registration endpoint, the error message is not properly escaped, allowing an attacker to execute malicious scripts in the user's browser.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://github.com/advisories/GHSA-m98g-63qj-fp8j
reference_id GHSA-m98g-63qj-fp8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m98g-63qj-fp8j
2
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j
reference_id GHSA-m98g-63qj-fp8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@18.0.0
purl pkg:maven/org.keycloak/keycloak-parent@18.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-7z49-f322-n7g8
2
vulnerability VCID-cabc-jrpz-vuad
3
vulnerability VCID-dxj3-8sk5-mfdy
4
vulnerability VCID-jkh6-bvx2-dycm
5
vulnerability VCID-nhe2-8dtq-gqbf
6
vulnerability VCID-umcf-t6w5-juha
7
vulnerability VCID-xauc-r9cm-sycu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0
aliases GHSA-m98g-63qj-fp8j, GMS-2022-1097
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8cmx-d3j7-vqbz
7
url VCID-8zrg-f41g-pqfk
vulnerability_id VCID-8zrg-f41g-pqfk
summary
ECP SAML binding bypasses authentication flows
### Description
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3827
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3827
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3827
reference_id
reference_type
scores
0
value 0.00208
scoring_system epss
scoring_elements 0.43233
published_at 2026-04-13T12:55:00Z
1
value 0.00208
scoring_system epss
scoring_elements 0.43248
published_at 2026-04-12T12:55:00Z
2
value 0.00208
scoring_system epss
scoring_elements 0.4328
published_at 2026-04-11T12:55:00Z
3
value 0.00208
scoring_system epss
scoring_elements 0.4326
published_at 2026-04-09T12:55:00Z
4
value 0.00208
scoring_system epss
scoring_elements 0.4323
published_at 2026-04-02T12:55:00Z
5
value 0.00208
scoring_system epss
scoring_elements 0.43283
published_at 2026-04-18T12:55:00Z
6
value 0.00208
scoring_system epss
scoring_elements 0.43294
published_at 2026-04-16T12:55:00Z
7
value 0.00208
scoring_system epss
scoring_elements 0.43247
published_at 2026-04-08T12:55:00Z
8
value 0.00208
scoring_system epss
scoring_elements 0.43174
published_at 2026-04-01T12:55:00Z
9
value 0.00208
scoring_system epss
scoring_elements 0.43196
published_at 2026-04-07T12:55:00Z
10
value 0.00208
scoring_system epss
scoring_elements 0.43259
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3827
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2007512
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2007512
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3827
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3827
7
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
8
reference_url https://github.com/advisories/GHSA-4pc7-vqv5-5r3v
reference_id GHSA-4pc7-vqv5-5r3v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pc7-vqv5-5r3v
9
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
reference_id GHSA-4pc7-vqv5-5r3v
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
10
reference_url https://access.redhat.com/errata/RHSA-2022:0151
reference_id RHSA-2022:0151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0151
11
reference_url https://access.redhat.com/errata/RHSA-2022:0152
reference_id RHSA-2022:0152
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0152
12
reference_url https://access.redhat.com/errata/RHSA-2022:0155
reference_id RHSA-2022:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0155
13
reference_url https://access.redhat.com/errata/RHSA-2022:0164
reference_id RHSA-2022:0164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0164
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@18.0.0
purl pkg:maven/org.keycloak/keycloak-parent@18.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-7z49-f322-n7g8
2
vulnerability VCID-cabc-jrpz-vuad
3
vulnerability VCID-dxj3-8sk5-mfdy
4
vulnerability VCID-jkh6-bvx2-dycm
5
vulnerability VCID-nhe2-8dtq-gqbf
6
vulnerability VCID-umcf-t6w5-juha
7
vulnerability VCID-xauc-r9cm-sycu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0
aliases CVE-2021-3827, GHSA-4pc7-vqv5-5r3v, GMS-2022-1098
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zrg-f41g-pqfk
8
url VCID-cabc-jrpz-vuad
vulnerability_id VCID-cabc-jrpz-vuad
summary
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all versions of Keycloak, including the latest release (18.0.1). The vulnerability allows a privileged attacker to execute malicious scripts in the admin console by abusing the default roles functionality.

### CVSS 3.1 - **3.8**

**Vector String:** AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

**Vector Clarification:**

* User interaction is not required as the admin console is regularly used during an administrator's work
* The scope is unchanged since the admin console web application is both the vulnerable component and where the exploit executes

### Credits

Aytaç Kalıncı, Ilker Bulgurcu, Yasin Yılmaz (@aytackalinci, @smileronin, @yasinyilmaz) - NETAŞ PENTEST TEAM
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2256
reference_id
reference_type
scores
0
value 0.00882
scoring_system epss
scoring_elements 0.75428
published_at 2026-04-18T12:55:00Z
1
value 0.00882
scoring_system epss
scoring_elements 0.75421
published_at 2026-04-16T12:55:00Z
2
value 0.00882
scoring_system epss
scoring_elements 0.7538
published_at 2026-04-13T12:55:00Z
3
value 0.00882
scoring_system epss
scoring_elements 0.75391
published_at 2026-04-12T12:55:00Z
4
value 0.00882
scoring_system epss
scoring_elements 0.7534
published_at 2026-04-07T12:55:00Z
5
value 0.00882
scoring_system epss
scoring_elements 0.75393
published_at 2026-04-09T12:55:00Z
6
value 0.00882
scoring_system epss
scoring_elements 0.75383
published_at 2026-04-08T12:55:00Z
7
value 0.00882
scoring_system epss
scoring_elements 0.75328
published_at 2026-04-02T12:55:00Z
8
value 0.00882
scoring_system epss
scoring_elements 0.7536
published_at 2026-04-04T12:55:00Z
9
value 0.00882
scoring_system epss
scoring_elements 0.75413
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2256
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2101942
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2101942
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2256
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2256
7
reference_url https://github.com/advisories/GHSA-w9mf-83w3-fv49
reference_id GHSA-w9mf-83w3-fv49
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9mf-83w3-fv49
8
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
9
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
10
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@19.0.2
purl pkg:maven/org.keycloak/keycloak-parent@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-dxj3-8sk5-mfdy
2
vulnerability VCID-jkh6-bvx2-dycm
3
vulnerability VCID-nhe2-8dtq-gqbf
4
vulnerability VCID-umcf-t6w5-juha
5
vulnerability VCID-xauc-r9cm-sycu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2
aliases CVE-2022-2256, GHSA-w9mf-83w3-fv49
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cabc-jrpz-vuad
9
url VCID-dxj3-8sk5-mfdy
vulnerability_id VCID-dxj3-8sk5-mfdy
summary
Insufficient Session Expiration
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
references
0
reference_url https://access.redhat.com/errata/RHSA-2022:8961
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8961
1
reference_url https://access.redhat.com/errata/RHSA-2022:8962
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8962
2
reference_url https://access.redhat.com/errata/RHSA-2022:8963
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8963
3
reference_url https://access.redhat.com/errata/RHSA-2022:8964
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8964
4
reference_url https://access.redhat.com/errata/RHSA-2022:8965
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8965
5
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1043
6
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1044
7
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1045
8
reference_url https://access.redhat.com/errata/RHSA-2023:1047
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1047
9
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1049
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45477
published_at 2026-04-18T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45418
published_at 2026-04-02T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45438
published_at 2026-04-04T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45382
published_at 2026-04-07T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45437
published_at 2026-04-09T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.45458
published_at 2026-04-11T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45428
published_at 2026-04-12T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.4543
published_at 2026-04-13T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45481
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
13
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
20
reference_url https://access.redhat.com/security/cve/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/security/cve/CVE-2022-3916
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
22
reference_url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
23
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@20.0.2
purl pkg:maven/org.keycloak/keycloak-parent@20.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-jkh6-bvx2-dycm
2
vulnerability VCID-nhe2-8dtq-gqbf
3
vulnerability VCID-umcf-t6w5-juha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2
aliases CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxj3-8sk5-mfdy
10
url VCID-gndk-728r-9yh7
vulnerability_id VCID-gndk-728r-9yh7
summary
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3632
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
reference_id
reference_type
scores
0
value 0.00503
scoring_system epss
scoring_elements 0.66137
published_at 2026-04-18T12:55:00Z
1
value 0.00503
scoring_system epss
scoring_elements 0.66012
published_at 2026-04-01T12:55:00Z
2
value 0.00503
scoring_system epss
scoring_elements 0.66055
published_at 2026-04-02T12:55:00Z
3
value 0.00503
scoring_system epss
scoring_elements 0.66083
published_at 2026-04-04T12:55:00Z
4
value 0.00503
scoring_system epss
scoring_elements 0.66049
published_at 2026-04-07T12:55:00Z
5
value 0.00503
scoring_system epss
scoring_elements 0.66098
published_at 2026-04-08T12:55:00Z
6
value 0.00503
scoring_system epss
scoring_elements 0.6611
published_at 2026-04-09T12:55:00Z
7
value 0.00503
scoring_system epss
scoring_elements 0.66129
published_at 2026-04-11T12:55:00Z
8
value 0.00503
scoring_system epss
scoring_elements 0.66117
published_at 2026-04-12T12:55:00Z
9
value 0.00503
scoring_system epss
scoring_elements 0.66087
published_at 2026-04-13T12:55:00Z
10
value 0.00503
scoring_system epss
scoring_elements 0.66123
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
6
reference_url https://github.com/keycloak/keycloak/pull/8203
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/8203
7
reference_url https://issues.redhat.com/browse/KEYCLOAK-18500
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-18500
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
9
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
10
reference_url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
reference_id GHSA-qpq9-jpv4-6gwr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
11
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
12
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
13
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
14
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@15.1.0
purl pkg:maven/org.keycloak/keycloak-parent@15.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-7z49-f322-n7g8
2
vulnerability VCID-8cmx-d3j7-vqbz
3
vulnerability VCID-8zrg-f41g-pqfk
4
vulnerability VCID-cabc-jrpz-vuad
5
vulnerability VCID-dxj3-8sk5-mfdy
6
vulnerability VCID-jkh6-bvx2-dycm
7
vulnerability VCID-nhe2-8dtq-gqbf
8
vulnerability VCID-u3tj-vmem-jbb9
9
vulnerability VCID-umcf-t6w5-juha
10
vulnerability VCID-xauc-r9cm-sycu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@15.1.0
aliases CVE-2021-3632, GHSA-qpq9-jpv4-6gwr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gndk-728r-9yh7
11
url VCID-jkh6-bvx2-dycm
vulnerability_id VCID-jkh6-bvx2-dycm
summary
Keycloak Server-Side Request Forgery (SSRF) vulnerability
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json
1
reference_url https://access.redhat.com/security/cve/CVE-2026-1518
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/
url https://access.redhat.com/security/cve/CVE-2026-1518
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1518
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01411
published_at 2026-04-08T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01396
published_at 2026-04-02T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01406
published_at 2026-04-07T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.014
published_at 2026-04-04T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01412
published_at 2026-04-09T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01576
published_at 2026-04-18T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01581
published_at 2026-04-11T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01572
published_at 2026-04-13T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.01561
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1518
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2433727
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2433727
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1518
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1518
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
7
reference_url https://github.com/advisories/GHSA-fwhw-chw4-gh37
reference_id GHSA-fwhw-chw4-gh37
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwhw-chw4-gh37
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@26.5.3
purl pkg:maven/org.keycloak/keycloak-parent@26.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-umcf-t6w5-juha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.3
aliases CVE-2026-1518, GHSA-fwhw-chw4-gh37
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkh6-bvx2-dycm
12
url VCID-nhe2-8dtq-gqbf
vulnerability_id VCID-nhe2-8dtq-gqbf
summary
URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7854
1
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7855
2
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7856
3
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7857
4
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7858
5
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7860
6
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7861
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39708
published_at 2026-04-18T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39721
published_at 2026-04-02T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39743
published_at 2026-04-04T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39661
published_at 2026-04-07T12:55:00Z
4
value 0.00181
scoring_system epss
scoring_elements 0.39715
published_at 2026-04-08T12:55:00Z
5
value 0.00181
scoring_system epss
scoring_elements 0.3973
published_at 2026-04-09T12:55:00Z
6
value 0.00181
scoring_system epss
scoring_elements 0.39739
published_at 2026-04-11T12:55:00Z
7
value 0.00181
scoring_system epss
scoring_elements 0.39703
published_at 2026-04-12T12:55:00Z
8
value 0.00181
scoring_system epss
scoring_elements 0.39687
published_at 2026-04-13T12:55:00Z
9
value 0.00181
scoring_system epss
scoring_elements 0.39737
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
10
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
11
reference_url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id cpe:/a:redhat:build_keycloak:22
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id cpe:/a:redhat:serverless:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
29
reference_url https://access.redhat.com/security/cve/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/security/cve/CVE-2023-6291
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
31
reference_url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
32
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@23.0.0
purl pkg:maven/org.keycloak/keycloak-parent@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-jkh6-bvx2-dycm
2
vulnerability VCID-umcf-t6w5-juha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@23.0.0
aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe2-8dtq-gqbf
13
url VCID-u3tj-vmem-jbb9
vulnerability_id VCID-u3tj-vmem-jbb9
summary
Incorrect Authorization
A flaw was found in Keycloak which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4133.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4133.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4133
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62518
published_at 2026-04-18T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.62512
published_at 2026-04-16T12:55:00Z
2
value 0.00428
scoring_system epss
scoring_elements 0.6247
published_at 2026-04-13T12:55:00Z
3
value 0.00428
scoring_system epss
scoring_elements 0.62492
published_at 2026-04-12T12:55:00Z
4
value 0.00428
scoring_system epss
scoring_elements 0.62503
published_at 2026-04-11T12:55:00Z
5
value 0.00428
scoring_system epss
scoring_elements 0.62484
published_at 2026-04-09T12:55:00Z
6
value 0.00428
scoring_system epss
scoring_elements 0.62468
published_at 2026-04-08T12:55:00Z
7
value 0.00428
scoring_system epss
scoring_elements 0.62417
published_at 2026-04-07T12:55:00Z
8
value 0.00428
scoring_system epss
scoring_elements 0.62361
published_at 2026-04-01T12:55:00Z
9
value 0.00428
scoring_system epss
scoring_elements 0.6245
published_at 2026-04-04T12:55:00Z
10
value 0.00428
scoring_system epss
scoring_elements 0.6242
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4133
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2033602
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2033602
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/issues/9247
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/9247
5
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4133
reference_id CVE-2021-4133
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4133
7
reference_url https://github.com/advisories/GHSA-83x4-9cwr-5487
reference_id GHSA-83x4-9cwr-5487
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83x4-9cwr-5487
8
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487
reference_id GHSA-83x4-9cwr-5487
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487
9
reference_url https://access.redhat.com/errata/RHSA-2021:5217
reference_id RHSA-2021:5217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5217
10
reference_url https://access.redhat.com/errata/RHSA-2021:5218
reference_id RHSA-2021:5218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5218
11
reference_url https://access.redhat.com/errata/RHSA-2021:5219
reference_id RHSA-2021:5219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5219
12
reference_url https://access.redhat.com/errata/RHSA-2022:0015
reference_id RHSA-2022:0015
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0015
13
reference_url https://access.redhat.com/errata/RHSA-2022:0034
reference_id RHSA-2022:0034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0034
14
reference_url https://access.redhat.com/errata/RHSA-2022:0151
reference_id RHSA-2022:0151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0151
15
reference_url https://access.redhat.com/errata/RHSA-2022:0152
reference_id RHSA-2022:0152
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0152
16
reference_url https://access.redhat.com/errata/RHSA-2022:0155
reference_id RHSA-2022:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0155
17
reference_url https://access.redhat.com/errata/RHSA-2022:0164
reference_id RHSA-2022:0164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0164
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@15.1.1
purl pkg:maven/org.keycloak/keycloak-parent@15.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-7z49-f322-n7g8
2
vulnerability VCID-8cmx-d3j7-vqbz
3
vulnerability VCID-8zrg-f41g-pqfk
4
vulnerability VCID-cabc-jrpz-vuad
5
vulnerability VCID-dxj3-8sk5-mfdy
6
vulnerability VCID-jkh6-bvx2-dycm
7
vulnerability VCID-nhe2-8dtq-gqbf
8
vulnerability VCID-umcf-t6w5-juha
9
vulnerability VCID-xauc-r9cm-sycu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@15.1.1
aliases CVE-2021-4133, GHSA-83x4-9cwr-5487
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3tj-vmem-jbb9
14
url VCID-umcf-t6w5-juha
vulnerability_id VCID-umcf-t6w5-juha
summary
Keycloak Authentication Error
A vulnerability was found in Keycloak 7.x: when Keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), user authentication succeeds even if an invalid password has been entered.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14910.json
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14910.json
1
reference_url https://access.redhat.com/security/cve/cve-2019-14910
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2019-14910
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14910
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.61931
published_at 2026-04-18T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.61829
published_at 2026-04-07T12:55:00Z
2
value 0.00419
scoring_system epss
scoring_elements 0.61878
published_at 2026-04-08T12:55:00Z
3
value 0.00419
scoring_system epss
scoring_elements 0.61894
published_at 2026-04-09T12:55:00Z
4
value 0.00419
scoring_system epss
scoring_elements 0.61915
published_at 2026-04-11T12:55:00Z
5
value 0.00419
scoring_system epss
scoring_elements 0.61903
published_at 2026-04-12T12:55:00Z
6
value 0.00419
scoring_system epss
scoring_elements 0.61883
published_at 2026-04-13T12:55:00Z
7
value 0.00419
scoring_system epss
scoring_elements 0.61926
published_at 2026-04-16T12:55:00Z
8
value 0.00419
scoring_system epss
scoring_elements 0.61754
published_at 2026-04-01T12:55:00Z
9
value 0.00419
scoring_system epss
scoring_elements 0.61828
published_at 2026-04-02T12:55:00Z
10
value 0.00419
scoring_system epss
scoring_elements 0.61859
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14910
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14910
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14910
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1778265
reference_id 1778265
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1778265
7
reference_url https://github.com/advisories/GHSA-jf86-9434-f8c2
reference_id GHSA-jf86-9434-f8c2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jf86-9434-f8c2
fixed_packages
aliases CVE-2019-14910, GHSA-jf86-9434-f8c2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umcf-t6w5-juha
15
url VCID-xauc-r9cm-sycu
vulnerability_id VCID-xauc-r9cm-sycu
summary
Keycloak vulnerable to path traversal via double URL encoding
Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json
1
reference_url https://access.redhat.com/security/cve/CVE-2022-3782
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-09T13:41:56Z/
url https://access.redhat.com/security/cve/CVE-2022-3782
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3782
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.31033
published_at 2026-04-12T12:55:00Z
1
value 0.0012
scoring_system epss
scoring_elements 0.31077
published_at 2026-04-11T12:55:00Z
2
value 0.0012
scoring_system epss
scoring_elements 0.3107
published_at 2026-04-09T12:55:00Z
3
value 0.0012
scoring_system epss
scoring_elements 0.30988
published_at 2026-04-13T12:55:00Z
4
value 0.0012
scoring_system epss
scoring_elements 0.31019
published_at 2026-04-16T12:55:00Z
5
value 0.0012
scoring_system epss
scoring_elements 0.31042
published_at 2026-04-08T12:55:00Z
6
value 0.0012
scoring_system epss
scoring_elements 0.31
published_at 2026-04-18T12:55:00Z
7
value 0.0012
scoring_system epss
scoring_elements 0.30985
published_at 2026-04-07T12:55:00Z
8
value 0.0012
scoring_system epss
scoring_elements 0.31166
published_at 2026-04-04T12:55:00Z
9
value 0.0012
scoring_system epss
scoring_elements 0.31119
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3782
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3782
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3782
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2138971
reference_id 2138971
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2138971
8
reference_url https://github.com/advisories/GHSA-g8q8-fggx-9r3q
reference_id GHSA-g8q8-fggx-9r3q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g8q8-fggx-9r3q
9
reference_url https://access.redhat.com/errata/RHSA-2023:1285
reference_id RHSA-2023:1285
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1285
10
reference_url https://access.redhat.com/errata/RHSA-2023:1661
reference_id RHSA-2023:1661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1661
11
reference_url https://access.redhat.com/errata/RHSA-2023:2041
reference_id RHSA-2023:2041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2041
12
reference_url https://access.redhat.com/errata/RHSA-2023:3185
reference_id RHSA-2023:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3185
13
reference_url https://access.redhat.com/errata/RHSA-2023:3815
reference_id RHSA-2023:3815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3815
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@20.0.1
purl pkg:maven/org.keycloak/keycloak-parent@20.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-dxj3-8sk5-mfdy
2
vulnerability VCID-jkh6-bvx2-dycm
3
vulnerability VCID-nhe2-8dtq-gqbf
4
vulnerability VCID-umcf-t6w5-juha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.1
1
url pkg:maven/org.keycloak/keycloak-parent@20.0.2
purl pkg:maven/org.keycloak/keycloak-parent@20.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-jkh6-bvx2-dycm
2
vulnerability VCID-nhe2-8dtq-gqbf
3
vulnerability VCID-umcf-t6w5-juha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2
aliases CVE-2022-3782, GHSA-g8q8-fggx-9r3q, GMS-2022-8407
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xauc-r9cm-sycu
16
url VCID-xdfe-9zr4-47ax
vulnerability_id VCID-xdfe-9zr4-47ax
summary
Allocation of Resources Without Limits or Throttling
A flaw was found in keycloak-model-infinispan in Keycloak where the authenticationSessions map in RootAuthenticationSessionEntity grows without bound, which could lead to a DoS attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3637
reference_id
reference_type
scores
0
value 0.00468
scoring_system epss
scoring_elements 0.64513
published_at 2026-04-18T12:55:00Z
1
value 0.00468
scoring_system epss
scoring_elements 0.64491
published_at 2026-04-09T12:55:00Z
2
value 0.00468
scoring_system epss
scoring_elements 0.64506
published_at 2026-04-11T12:55:00Z
3
value 0.00468
scoring_system epss
scoring_elements 0.64495
published_at 2026-04-12T12:55:00Z
4
value 0.00468
scoring_system epss
scoring_elements 0.64467
published_at 2026-04-13T12:55:00Z
5
value 0.00468
scoring_system epss
scoring_elements 0.64501
published_at 2026-04-16T12:55:00Z
6
value 0.00468
scoring_system epss
scoring_elements 0.64383
published_at 2026-04-01T12:55:00Z
7
value 0.00468
scoring_system epss
scoring_elements 0.64437
published_at 2026-04-02T12:55:00Z
8
value 0.00468
scoring_system epss
scoring_elements 0.64468
published_at 2026-04-04T12:55:00Z
9
value 0.00468
scoring_system epss
scoring_elements 0.64427
published_at 2026-04-07T12:55:00Z
10
value 0.00468
scoring_system epss
scoring_elements 0.64475
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3637
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1979638
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1979638
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3637
reference_id CVE-2021-3637
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3637
4
reference_url https://github.com/advisories/GHSA-2vp8-jv5v-6qh6
reference_id GHSA-2vp8-jv5v-6qh6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vp8-jv5v-6qh6
5
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
6
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
7
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
8
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@14.0.0
purl pkg:maven/org.keycloak/keycloak-parent@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jpe-awam-wqdz
1
vulnerability VCID-7z49-f322-n7g8
2
vulnerability VCID-8cmx-d3j7-vqbz
3
vulnerability VCID-8zrg-f41g-pqfk
4
vulnerability VCID-cabc-jrpz-vuad
5
vulnerability VCID-dxj3-8sk5-mfdy
6
vulnerability VCID-gndk-728r-9yh7
7
vulnerability VCID-jkh6-bvx2-dycm
8
vulnerability VCID-nhe2-8dtq-gqbf
9
vulnerability VCID-u3tj-vmem-jbb9
10
vulnerability VCID-umcf-t6w5-juha
11
vulnerability VCID-xauc-r9cm-sycu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0
aliases CVE-2021-3637, GHSA-2vp8-jv5v-6qh6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdfe-9zr4-47ax
Fixing_vulnerabilities
0
url VCID-rssz-yqj9-b7h8
vulnerability_id VCID-rssz-yqj9-b7h8
summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A vulnerability was found in Keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14366
reference_id
reference_type
scores
0
value 0.00384
scoring_system epss
scoring_elements 0.59715
published_at 2026-04-18T12:55:00Z
1
value 0.00384
scoring_system epss
scoring_elements 0.59676
published_at 2026-04-08T12:55:00Z
2
value 0.00384
scoring_system epss
scoring_elements 0.5969
published_at 2026-04-09T12:55:00Z
3
value 0.00384
scoring_system epss
scoring_elements 0.5971
published_at 2026-04-11T12:55:00Z
4
value 0.00384
scoring_system epss
scoring_elements 0.59693
published_at 2026-04-12T12:55:00Z
5
value 0.00384
scoring_system epss
scoring_elements 0.59674
published_at 2026-04-13T12:55:00Z
6
value 0.00384
scoring_system epss
scoring_elements 0.59707
published_at 2026-04-16T12:55:00Z
7
value 0.00384
scoring_system epss
scoring_elements 0.59557
published_at 2026-04-01T12:55:00Z
8
value 0.00384
scoring_system epss
scoring_elements 0.59631
published_at 2026-04-02T12:55:00Z
9
value 0.00384
scoring_system epss
scoring_elements 0.59656
published_at 2026-04-04T12:55:00Z
10
value 0.00384
scoring_system epss
scoring_elements 0.59625
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14366
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869764
reference_id 1869764
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869764
4
reference_url https://security.archlinux.org/AVG-1471
reference_id AVG-1471
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1471
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14366
reference_id CVE-2020-14366
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14366
6
reference_url https://github.com/advisories/GHSA-cp67-8w3w-6h9c
reference_id GHSA-cp67-8w3w-6h9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cp67-8w3w-6h9c
7
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@12.0.0
purl pkg:maven/org.keycloak/keycloak-parent@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14c3-xa9j-mbab
1
vulnerability VCID-3248-31p8-tyd4
2
vulnerability VCID-3jpe-awam-wqdz
3
vulnerability VCID-546n-kc1p-cyhm
4
vulnerability VCID-6ure-3hgz-xfgn
5
vulnerability VCID-7z49-f322-n7g8
6
vulnerability VCID-8cmx-d3j7-vqbz
7
vulnerability VCID-8zrg-f41g-pqfk
8
vulnerability VCID-cabc-jrpz-vuad
9
vulnerability VCID-dxj3-8sk5-mfdy
10
vulnerability VCID-gndk-728r-9yh7
11
vulnerability VCID-jkh6-bvx2-dycm
12
vulnerability VCID-nhe2-8dtq-gqbf
13
vulnerability VCID-u3tj-vmem-jbb9
14
vulnerability VCID-umcf-t6w5-juha
15
vulnerability VCID-xauc-r9cm-sycu
16
vulnerability VCID-xdfe-9zr4-47ax
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0
aliases CVE-2020-14366, GHSA-cp67-8w3w-6h9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rssz-yqj9-b7h8
1
url VCID-sk6p-vfu6-7kem
vulnerability_id VCID-sk6p-vfu6-7kem
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50621
published_at 2026-04-18T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50518
published_at 2026-04-07T12:55:00Z
2
value 0.00271
scoring_system epss
scoring_elements 0.50573
published_at 2026-04-08T12:55:00Z
3
value 0.00271
scoring_system epss
scoring_elements 0.5057
published_at 2026-04-09T12:55:00Z
4
value 0.00271
scoring_system epss
scoring_elements 0.50612
published_at 2026-04-11T12:55:00Z
5
value 0.00271
scoring_system epss
scoring_elements 0.50589
published_at 2026-04-12T12:55:00Z
6
value 0.00271
scoring_system epss
scoring_elements 0.50574
published_at 2026-04-13T12:55:00Z
7
value 0.00271
scoring_system epss
scoring_elements 0.50616
published_at 2026-04-16T12:55:00Z
8
value 0.00271
scoring_system epss
scoring_elements 0.50481
published_at 2026-04-01T12:55:00Z
9
value 0.00271
scoring_system epss
scoring_elements 0.50537
published_at 2026-04-02T12:55:00Z
10
value 0.00271
scoring_system epss
scoring_elements 0.50565
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
3
reference_url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
reference_id CVE-2020-10776
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
5
reference_url https://github.com/advisories/GHSA-484q-784p-8m5h
reference_id GHSA-484q-784p-8m5h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-484q-784p-8m5h
6
reference_url https://access.redhat.com/errata/RHSA-2020:4929
reference_id RHSA-2020:4929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4929
7
reference_url https://access.redhat.com/errata/RHSA-2020:4930
reference_id RHSA-2020:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4930
8
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
9
reference_url https://access.redhat.com/errata/RHSA-2020:4932
reference_id RHSA-2020:4932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4932
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@12.0.0
purl pkg:maven/org.keycloak/keycloak-parent@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14c3-xa9j-mbab
1
vulnerability VCID-3248-31p8-tyd4
2
vulnerability VCID-3jpe-awam-wqdz
3
vulnerability VCID-546n-kc1p-cyhm
4
vulnerability VCID-6ure-3hgz-xfgn
5
vulnerability VCID-7z49-f322-n7g8
6
vulnerability VCID-8cmx-d3j7-vqbz
7
vulnerability VCID-8zrg-f41g-pqfk
8
vulnerability VCID-cabc-jrpz-vuad
9
vulnerability VCID-dxj3-8sk5-mfdy
10
vulnerability VCID-gndk-728r-9yh7
11
vulnerability VCID-jkh6-bvx2-dycm
12
vulnerability VCID-nhe2-8dtq-gqbf
13
vulnerability VCID-u3tj-vmem-jbb9
14
vulnerability VCID-umcf-t6w5-juha
15
vulnerability VCID-xauc-r9cm-sycu
16
vulnerability VCID-xdfe-9zr4-47ax
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0
aliases CVE-2020-10776, GHSA-484q-784p-8m5h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sk6p-vfu6-7kem
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0