Package details: pkg:alpm/archlinux/keycloak@12.0.4-1
purl: pkg:alpm/archlinux/keycloak@12.0.4-1
Next non-vulnerable version: 14.0.0-1
Latest non-vulnerable version: 16.0.0-1
Risk: 10.0
Vulnerabilities affecting this package (5)

Vulnerability: VCID-14c3-xa9j-mbab
Aliases: CVE-2021-3513, GHSA-xv7h-95r7-595j
Summary: Incorrect implementation of lockout feature in Keycloak. A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
Fixed by: 13.0.0-1 (affected by 1 other vulnerability)

Vulnerability: VCID-546n-kc1p-cyhm
Aliases: CVE-2021-20222, GHSA-2mq8-99q7-55wx
Summary: Code injection in keycloak. A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Fixed by: 13.0.0-1 (affected by 1 other vulnerability)

Vulnerability: VCID-djwn-hkwg-g3gk
Aliases: CVE-2020-14302
Summary: keycloak: reusable "state" parameter at redirect_uri endpoint enables possibility of replay attacks.
Fixed by: 13.0.0-1 (affected by 1 other vulnerability)

Vulnerability: VCID-e9qa-sy57-fqby
Aliases: CVE-2021-20202, GHSA-6xp6-fmc8-pmmr
Summary: Temporary Directory Hijacking Vulnerability in Keycloak. A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.
Fixed by: 13.0.0-1 (affected by 1 other vulnerability)

Vulnerability: VCID-u5ba-kpd5-67bm
Aliases: CVE-2020-27838, GHSA-pcv5-m2wh-66j3
Summary: Keycloak discloses information without authentication. A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication, which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
Fixed by: 13.0.0-1 (affected by 1 other vulnerability)
Vulnerabilities fixed by this package (0)

This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-01T18:25:34.808802+00:00 | Arch Linux Importer | Affected by | VCID-djwn-hkwg-g3gk | https://security.archlinux.org/AVG-1926 | 38.0.0
2026-04-01T18:25:34.783794+00:00 | Arch Linux Importer | Affected by | VCID-u5ba-kpd5-67bm | https://security.archlinux.org/AVG-1926 | 38.0.0
2026-04-01T18:25:34.761362+00:00 | Arch Linux Importer | Affected by | VCID-e9qa-sy57-fqby | https://security.archlinux.org/AVG-1926 | 38.0.0
2026-04-01T18:25:34.737687+00:00 | Arch Linux Importer | Affected by | VCID-546n-kc1p-cyhm | https://security.archlinux.org/AVG-1926 | 38.0.0
2026-04-01T18:25:34.711829+00:00 | Arch Linux Importer | Affected by | VCID-14c3-xa9j-mbab | https://security.archlinux.org/AVG-1926 | 38.0.0