Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-parent@14.0.0
Typemaven
Namespaceorg.keycloak
Namekeycloak-parent
Version14.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1a4q-f36b-43aq
vulnerability_id VCID-1a4q-f36b-43aq
summary 
Incorrect Authorization
A flaw was found in Keycloak which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4133.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4133.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4133
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62834
published_at 2026-06-05T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.62791
published_at 2026-06-04T12:55:00Z
2
value 0.00428
scoring_system epss
scoring_elements 0.62819
published_at 2026-06-08T12:55:00Z
3
value 0.00428
scoring_system epss
scoring_elements 0.62833
published_at 2026-06-07T12:55:00Z
4
value 0.00428
scoring_system epss
scoring_elements 0.62843
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4133
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2033602
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2033602
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/issues/9247
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/9247
5
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4133
reference_id CVE-2021-4133
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4133
7
reference_url https://github.com/advisories/GHSA-83x4-9cwr-5487
reference_id GHSA-83x4-9cwr-5487
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83x4-9cwr-5487
8
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487
reference_id GHSA-83x4-9cwr-5487
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487
9
reference_url https://access.redhat.com/errata/RHSA-2021:5217
reference_id RHSA-2021:5217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5217
10
reference_url https://access.redhat.com/errata/RHSA-2021:5218
reference_id RHSA-2021:5218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5218
11
reference_url https://access.redhat.com/errata/RHSA-2021:5219
reference_id RHSA-2021:5219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5219
12
reference_url https://access.redhat.com/errata/RHSA-2022:0015
reference_id RHSA-2022:0015
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0015
13
reference_url https://access.redhat.com/errata/RHSA-2022:0034
reference_id RHSA-2022:0034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0034
14
reference_url https://access.redhat.com/errata/RHSA-2022:0151
reference_id RHSA-2022:0151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0151
15
reference_url https://access.redhat.com/errata/RHSA-2022:0152
reference_id RHSA-2022:0152
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0152
16
reference_url https://access.redhat.com/errata/RHSA-2022:0155
reference_id RHSA-2022:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0155
17
reference_url https://access.redhat.com/errata/RHSA-2022:0164
reference_id RHSA-2022:0164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0164
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@15.1.1
purl pkg:maven/org.keycloak/keycloak-parent@15.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2ju8-s2gd-b3ee
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-8sqn-nkzx-euec
4
vulnerability VCID-azxv-y5rj-vkg9
5
vulnerability VCID-kfxs-f5j7-mfhu
6
vulnerability VCID-ku7s-gnhp-a3du
7
vulnerability VCID-rt61-271c-nkgk
8
vulnerability VCID-xbkp-kjgd-fqcx
9
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@15.1.1
aliases CVE-2021-4133, GHSA-83x4-9cwr-5487
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1a4q-f36b-43aq
1
url VCID-1bps-7j9p-a3b6
vulnerability_id VCID-1bps-7j9p-a3b6
summary 
Keycloak Server-Side Request Forgery (SSRF) vulnerability
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1518
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02152
published_at 2026-06-08T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02178
published_at 2026-06-05T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02184
published_at 2026-06-06T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02165
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1518
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2433727
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2433727
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
5
reference_url https://access.redhat.com/security/cve/CVE-2026-1518
reference_id CVE-2026-1518
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/
url https://access.redhat.com/security/cve/CVE-2026-1518
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1518
reference_id CVE-2026-1518
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1518
7
reference_url https://github.com/advisories/GHSA-fwhw-chw4-gh37
reference_id GHSA-fwhw-chw4-gh37
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwhw-chw4-gh37
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@26.5.3
purl pkg:maven/org.keycloak/keycloak-parent@26.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rt61-271c-nkgk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.3
aliases CVE-2026-1518, GHSA-fwhw-chw4-gh37
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bps-7j9p-a3b6
2
url VCID-2ju8-s2gd-b3ee
vulnerability_id VCID-2ju8-s2gd-b3ee
summary 
Reflected XSS on clients-registrations endpoint
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. When a malicious request is sent to the client registration endpoint, the error message is not properly escaped, allowing an attacker to execute malicious scripts into the user's browser.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://github.com/advisories/GHSA-m98g-63qj-fp8j
reference_id GHSA-m98g-63qj-fp8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m98g-63qj-fp8j
2
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j
reference_id GHSA-m98g-63qj-fp8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@18.0.0
purl pkg:maven/org.keycloak/keycloak-parent@18.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-48jh-8c96-3bc9
2
vulnerability VCID-8sqn-nkzx-euec
3
vulnerability VCID-azxv-y5rj-vkg9
4
vulnerability VCID-kfxs-f5j7-mfhu
5
vulnerability VCID-ku7s-gnhp-a3du
6
vulnerability VCID-rt61-271c-nkgk
7
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0
aliases GHSA-m98g-63qj-fp8j, GMS-2022-1097
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ju8-s2gd-b3ee
3
url VCID-48jh-8c96-3bc9
vulnerability_id VCID-48jh-8c96-3bc9
summary keycloak: path traversal via double URL encoding
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json
1
reference_url https://access.redhat.com/security/cve/CVE-2022-3782
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-09T13:41:56Z/
url https://access.redhat.com/security/cve/CVE-2022-3782
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3782
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37877
published_at 2026-06-08T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.37849
published_at 2026-06-04T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.3794
published_at 2026-06-05T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.37942
published_at 2026-06-06T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.37911
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3782
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3782
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3782
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2138971
reference_id 2138971
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2138971
8
reference_url https://github.com/advisories/GHSA-g8q8-fggx-9r3q
reference_id GHSA-g8q8-fggx-9r3q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g8q8-fggx-9r3q
9
reference_url https://access.redhat.com/errata/RHSA-2023:1285
reference_id RHSA-2023:1285
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1285
10
reference_url https://access.redhat.com/errata/RHSA-2023:1661
reference_id RHSA-2023:1661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1661
11
reference_url https://access.redhat.com/errata/RHSA-2023:2041
reference_id RHSA-2023:2041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2041
12
reference_url https://access.redhat.com/errata/RHSA-2023:2135
reference_id RHSA-2023:2135
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2135
13
reference_url https://access.redhat.com/errata/RHSA-2023:3185
reference_id RHSA-2023:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3185
14
reference_url https://access.redhat.com/errata/RHSA-2023:3815
reference_id RHSA-2023:3815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3815
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@20.0.1
purl pkg:maven/org.keycloak/keycloak-parent@20.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-azxv-y5rj-vkg9
2
vulnerability VCID-ku7s-gnhp-a3du
3
vulnerability VCID-rt61-271c-nkgk
4
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.1
1
url pkg:maven/org.keycloak/keycloak-parent@20.0.2
purl pkg:maven/org.keycloak/keycloak-parent@20.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-ku7s-gnhp-a3du
2
vulnerability VCID-rt61-271c-nkgk
3
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2
aliases CVE-2022-3782, GHSA-g8q8-fggx-9r3q, GMS-2022-8407
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48jh-8c96-3bc9
4
url VCID-8sqn-nkzx-euec
vulnerability_id VCID-8sqn-nkzx-euec
summary keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json
1
reference_url https://access.redhat.com/security/cve/CVE-2022-2668
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2022-2668
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2668
reference_id
reference_type
scores
0
value 0.00473
scoring_system epss
scoring_elements 0.65087
published_at 2026-06-08T12:55:00Z
1
value 0.00473
scoring_system epss
scoring_elements 0.65057
published_at 2026-06-04T12:55:00Z
2
value 0.00473
scoring_system epss
scoring_elements 0.65099
published_at 2026-06-07T12:55:00Z
3
value 0.00473
scoring_system epss
scoring_elements 0.6511
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2668
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2668
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2668
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2115392
reference_id 2115392
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2115392
8
reference_url https://github.com/advisories/GHSA-wf7g-7h6h-678v
reference_id GHSA-wf7g-7h6h-678v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wf7g-7h6h-678v
9
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
10
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
11
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
12
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
13
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
14
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
15
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@19.0.2
purl pkg:maven/org.keycloak/keycloak-parent@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-48jh-8c96-3bc9
2
vulnerability VCID-azxv-y5rj-vkg9
3
vulnerability VCID-ku7s-gnhp-a3du
4
vulnerability VCID-rt61-271c-nkgk
5
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2
aliases CVE-2022-2668, GHSA-wf7g-7h6h-678v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqn-nkzx-euec
5
url VCID-azxv-y5rj-vkg9
vulnerability_id VCID-azxv-y5rj-vkg9
summary 
Insufficient Session Expiration
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
references
0
reference_url https://access.redhat.com/errata/RHSA-2022:8961
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8961
1
reference_url https://access.redhat.com/errata/RHSA-2022:8962
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8962
2
reference_url https://access.redhat.com/errata/RHSA-2022:8963
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8963
3
reference_url https://access.redhat.com/errata/RHSA-2022:8964
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8964
4
reference_url https://access.redhat.com/errata/RHSA-2022:8965
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8965
5
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1043
6
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1044
7
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1045
8
reference_url https://access.redhat.com/errata/RHSA-2023:1047
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1047
9
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1049
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45539
published_at 2026-06-05T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45498
published_at 2026-06-08T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45523
published_at 2026-06-07T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45543
published_at 2026-06-06T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.4547
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
13
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
20
reference_url https://access.redhat.com/security/cve/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/security/cve/CVE-2022-3916
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
22
reference_url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
23
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@20.0.2
purl pkg:maven/org.keycloak/keycloak-parent@20.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-ku7s-gnhp-a3du
2
vulnerability VCID-rt61-271c-nkgk
3
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2
aliases CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azxv-y5rj-vkg9
6
url VCID-kfxs-f5j7-mfhu
vulnerability_id VCID-kfxs-f5j7-mfhu
summary keycloak: improper input validation permits script injection
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2256
reference_id
reference_type
scores
0
value 0.00882
scoring_system epss
scoring_elements 0.75738
published_at 2026-06-04T12:55:00Z
1
value 0.00882
scoring_system epss
scoring_elements 0.75741
published_at 2026-06-08T12:55:00Z
2
value 0.00882
scoring_system epss
scoring_elements 0.75753
published_at 2026-06-07T12:55:00Z
3
value 0.00882
scoring_system epss
scoring_elements 0.75763
published_at 2026-06-06T12:55:00Z
4
value 0.00882
scoring_system epss
scoring_elements 0.75766
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2256
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2256
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2256
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2101942
reference_id 2101942
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2101942
7
reference_url https://github.com/advisories/GHSA-w9mf-83w3-fv49
reference_id GHSA-w9mf-83w3-fv49
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9mf-83w3-fv49
8
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
9
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
10
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@19.0.2
purl pkg:maven/org.keycloak/keycloak-parent@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-48jh-8c96-3bc9
2
vulnerability VCID-azxv-y5rj-vkg9
3
vulnerability VCID-ku7s-gnhp-a3du
4
vulnerability VCID-rt61-271c-nkgk
5
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2
aliases CVE-2022-2256, GHSA-w9mf-83w3-fv49
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfxs-f5j7-mfhu
7
url VCID-ku7s-gnhp-a3du
vulnerability_id VCID-ku7s-gnhp-a3du
summary 
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0707
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06226
published_at 2026-06-07T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06527
published_at 2026-06-06T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06672
published_at 2026-06-08T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09225
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0707
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427768
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2427768
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://github.com/keycloak/keycloak/issues/49433
reference_id 49433
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://github.com/keycloak/keycloak/issues/49433
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-0707
reference_id CVE-2026-0707
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://access.redhat.com/security/cve/CVE-2026-0707
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0707
reference_id CVE-2026-0707
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0707
10
reference_url https://github.com/advisories/GHSA-gv94-wp4h-vv8p
reference_id GHSA-gv94-wp4h-vv8p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gv94-wp4h-vv8p
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@26.5.1
purl pkg:maven/org.keycloak/keycloak-parent@26.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-rt61-271c-nkgk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.1
aliases CVE-2026-0707, GHSA-gv94-wp4h-vv8p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ku7s-gnhp-a3du
8
url VCID-qjhb-ubp5-ukdy
vulnerability_id VCID-qjhb-ubp5-ukdy
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3632
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
reference_id
reference_type
scores
0
value 0.00503
scoring_system epss
scoring_elements 0.66468
published_at 2026-06-08T12:55:00Z
1
value 0.00503
scoring_system epss
scoring_elements 0.6645
published_at 2026-06-04T12:55:00Z
2
value 0.00503
scoring_system epss
scoring_elements 0.6649
published_at 2026-06-05T12:55:00Z
3
value 0.00503
scoring_system epss
scoring_elements 0.66498
published_at 2026-06-06T12:55:00Z
4
value 0.00503
scoring_system epss
scoring_elements 0.66482
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
5
reference_url https://github.com/keycloak/keycloak/pull/8203
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/8203
6
reference_url https://issues.redhat.com/browse/KEYCLOAK-18500
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-18500
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
reference_id 1978196
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
9
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
10
reference_url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
reference_id GHSA-qpq9-jpv4-6gwr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
11
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
12
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
13
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
14
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@15.1.0
purl pkg:maven/org.keycloak/keycloak-parent@15.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-1bps-7j9p-a3b6
2
vulnerability VCID-2ju8-s2gd-b3ee
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-kfxs-f5j7-mfhu
7
vulnerability VCID-ku7s-gnhp-a3du
8
vulnerability VCID-rt61-271c-nkgk
9
vulnerability VCID-xbkp-kjgd-fqcx
10
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@15.1.0
aliases CVE-2021-3632, GHSA-qpq9-jpv4-6gwr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhb-ubp5-ukdy
9
url VCID-rt61-271c-nkgk
vulnerability_id VCID-rt61-271c-nkgk
summary 
Improper Authentication
A vulnerability was found in keycloak, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14910.json
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14910.json
1
reference_url https://access.redhat.com/security/cve/cve-2019-14910
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2019-14910
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14910
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.62256
published_at 2026-06-06T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.622
published_at 2026-06-04T12:55:00Z
2
value 0.00419
scoring_system epss
scoring_elements 0.62249
published_at 2026-06-05T12:55:00Z
3
value 0.00419
scoring_system epss
scoring_elements 0.6223
published_at 2026-06-08T12:55:00Z
4
value 0.00419
scoring_system epss
scoring_elements 0.62246
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14910
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1778265
reference_id 1778265
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1778265
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14910
reference_id CVE-2019-14910
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14910
7
reference_url https://github.com/advisories/GHSA-jf86-9434-f8c2
reference_id GHSA-jf86-9434-f8c2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jf86-9434-f8c2
fixed_packages
aliases CVE-2019-14910, GHSA-jf86-9434-f8c2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rt61-271c-nkgk
10
url VCID-xbkp-kjgd-fqcx
vulnerability_id VCID-xbkp-kjgd-fqcx
summary 
URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7854
1
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7855
2
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7856
3
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7857
4
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7858
5
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7860
6
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7861
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39437
published_at 2026-06-08T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39491
published_at 2026-06-05T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39496
published_at 2026-06-06T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39467
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
10
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
11
reference_url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id cpe:/a:redhat:build_keycloak:22
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id cpe:/a:redhat:serverless:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
29
reference_url https://access.redhat.com/security/cve/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/security/cve/CVE-2023-6291
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
31
reference_url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
32
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@23.0.0
purl pkg:maven/org.keycloak/keycloak-parent@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-ku7s-gnhp-a3du
2
vulnerability VCID-rt61-271c-nkgk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@23.0.0
aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkp-kjgd-fqcx
11
url VCID-yn28-fcm1-zfcs
vulnerability_id VCID-yn28-fcm1-zfcs
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3827
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3827
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3827
reference_id
reference_type
scores
0
value 0.00208
scoring_system epss
scoring_elements 0.43241
published_at 2026-06-08T12:55:00Z
1
value 0.00208
scoring_system epss
scoring_elements 0.43218
published_at 2026-06-04T12:55:00Z
2
value 0.00208
scoring_system epss
scoring_elements 0.43291
published_at 2026-06-05T12:55:00Z
3
value 0.00208
scoring_system epss
scoring_elements 0.433
published_at 2026-06-06T12:55:00Z
4
value 0.00208
scoring_system epss
scoring_elements 0.43276
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3827
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3827
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3827
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2007512
reference_id 2007512
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2007512
7
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
8
reference_url https://github.com/advisories/GHSA-4pc7-vqv5-5r3v
reference_id GHSA-4pc7-vqv5-5r3v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pc7-vqv5-5r3v
9
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
reference_id GHSA-4pc7-vqv5-5r3v
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
10
reference_url https://access.redhat.com/errata/RHSA-2022:0151
reference_id RHSA-2022:0151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0151
11
reference_url https://access.redhat.com/errata/RHSA-2022:0152
reference_id RHSA-2022:0152
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0152
12
reference_url https://access.redhat.com/errata/RHSA-2022:0155
reference_id RHSA-2022:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0155
13
reference_url https://access.redhat.com/errata/RHSA-2022:0164
reference_id RHSA-2022:0164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0164
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@18.0.0
purl pkg:maven/org.keycloak/keycloak-parent@18.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-48jh-8c96-3bc9
2
vulnerability VCID-8sqn-nkzx-euec
3
vulnerability VCID-azxv-y5rj-vkg9
4
vulnerability VCID-kfxs-f5j7-mfhu
5
vulnerability VCID-ku7s-gnhp-a3du
6
vulnerability VCID-rt61-271c-nkgk
7
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0
aliases CVE-2021-3827, GHSA-4pc7-vqv5-5r3v, GMS-2022-1098
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yn28-fcm1-zfcs
Fixing_vulnerabilities
0
url VCID-e4uj-ak3b-gqd6
vulnerability_id VCID-e4uj-ak3b-gqd6
summary 
Insufficient Session Expiration
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3461.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3461.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3461
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16424
published_at 2026-06-08T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16468
published_at 2026-06-04T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.1655
published_at 2026-06-05T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16546
published_at 2026-06-06T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16505
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3461
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1941565
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1941565
3
reference_url https://github.com/keycloak/keycloak/issues/11203
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/11203
4
reference_url https://security.archlinux.org/ASA-202106-19
reference_id ASA-202106-19
reference_type
scores
url https://security.archlinux.org/ASA-202106-19
5
reference_url https://security.archlinux.org/AVG-1994
reference_id AVG-1994
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1994
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3461
reference_id CVE-2021-3461
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3461
7
reference_url https://github.com/advisories/GHSA-cm29-6wx7-p874
reference_id GHSA-cm29-6wx7-p874
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cm29-6wx7-p874
8
reference_url https://access.redhat.com/errata/RHSA-2021:2063
reference_id RHSA-2021:2063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2063
9
reference_url https://access.redhat.com/errata/RHSA-2021:2064
reference_id RHSA-2021:2064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2064
10
reference_url https://access.redhat.com/errata/RHSA-2021:2065
reference_id RHSA-2021:2065
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2065
11
reference_url https://access.redhat.com/errata/RHSA-2021:2070
reference_id RHSA-2021:2070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2070
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@14.0.0
purl pkg:maven/org.keycloak/keycloak-parent@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-1bps-7j9p-a3b6
2
vulnerability VCID-2ju8-s2gd-b3ee
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-kfxs-f5j7-mfhu
7
vulnerability VCID-ku7s-gnhp-a3du
8
vulnerability VCID-qjhb-ubp5-ukdy
9
vulnerability VCID-rt61-271c-nkgk
10
vulnerability VCID-xbkp-kjgd-fqcx
11
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0
aliases CVE-2021-3461, GHSA-cm29-6wx7-p874
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4uj-ak3b-gqd6
1
url VCID-t8wj-9vkr-hbc6
vulnerability_id VCID-t8wj-9vkr-hbc6
summary 
Allocation of Resources Without Limits or Throttling
A flaw was found in keycloak-model-infinispan in keycloak where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3637
reference_id
reference_type
scores
0
value 0.00468
scoring_system epss
scoring_elements 0.64856
published_at 2026-06-08T12:55:00Z
1
value 0.00468
scoring_system epss
scoring_elements 0.64826
published_at 2026-06-04T12:55:00Z
2
value 0.00468
scoring_system epss
scoring_elements 0.64868
published_at 2026-06-05T12:55:00Z
3
value 0.00468
scoring_system epss
scoring_elements 0.64878
published_at 2026-06-06T12:55:00Z
4
value 0.00468
scoring_system epss
scoring_elements 0.64867
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3637
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1979638
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1979638
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3637
reference_id CVE-2021-3637
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3637
4
reference_url https://github.com/advisories/GHSA-2vp8-jv5v-6qh6
reference_id GHSA-2vp8-jv5v-6qh6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vp8-jv5v-6qh6
5
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
6
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
7
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
8
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@14.0.0
purl pkg:maven/org.keycloak/keycloak-parent@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-1bps-7j9p-a3b6
2
vulnerability VCID-2ju8-s2gd-b3ee
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-kfxs-f5j7-mfhu
7
vulnerability VCID-ku7s-gnhp-a3du
8
vulnerability VCID-qjhb-ubp5-ukdy
9
vulnerability VCID-rt61-271c-nkgk
10
vulnerability VCID-xbkp-kjgd-fqcx
11
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0
aliases CVE-2021-3637, GHSA-2vp8-jv5v-6qh6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8wj-9vkr-hbc6
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0