Search for packages
| purl | pkg:alpm/archlinux/keycloak@12.0.2-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5apu-r7pn-byet
Aliases: CVE-2021-20195 GHSA-q6w2-89hq-hq27 |
keycloak Self Stored Cross-site Scripting vulnerability A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6s4w-hv7a-ffaw | Keycloak vulnerable to Server-Side Request Forgery A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. |
CVE-2020-10770
GHSA-jh7q-5mwf-qvhw |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:26:54.743541+00:00 | Arch Linux Importer | Fixing | VCID-6s4w-hv7a-ffaw | https://security.archlinux.org/AVG-1577 | 38.0.0 |
| 2026-04-01T18:25:41.933334+00:00 | Arch Linux Importer | Affected by | VCID-5apu-r7pn-byet | https://security.archlinux.org/AVG-1578 | 38.0.0 |