Package details: pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@16.1.1
purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@16.1.1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (2)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-dxj3-8sk5-mfdy (Aliases: CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406) | Insufficient Session Expiration. A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. | There are no reported fixed by versions. |
| VCID-nhe2-8dtq-gqbf (Aliases: CVE-2023-6291, GHSA-mpwq-j3xf-7m5w) | URL Redirection to Untrusted Site ('Open Redirect'). A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. | There are no reported fixed by versions. |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-29T21:29:34.775356+00:00 | GitLab Importer | Affected by | VCID-nhe2-8dtq-gqbf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-wildfly-server-subsystem/CVE-2023-6291.yml | 38.5.0 |
| 2026-04-29T21:19:50.758308+00:00 | GitLab Importer | Affected by | VCID-dxj3-8sk5-mfdy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-wildfly-server-subsystem/CVE-2022-3916.yml | 38.5.0 |
| 2026-04-16T22:48:46.383609+00:00 | GitLab Importer | Affected by | VCID-nhe2-8dtq-gqbf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-wildfly-server-subsystem/CVE-2023-6291.yml | 38.4.0 |
| 2026-04-16T22:38:57.624018+00:00 | GitLab Importer | Affected by | VCID-dxj3-8sk5-mfdy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-wildfly-server-subsystem/CVE-2022-3916.yml | 38.4.0 |
| 2026-04-12T00:08:37.030749+00:00 | GitLab Importer | Affected by | VCID-nhe2-8dtq-gqbf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-wildfly-server-subsystem/CVE-2023-6291.yml | 38.3.0 |
| 2026-04-11T23:58:23.921175+00:00 | GitLab Importer | Affected by | VCID-dxj3-8sk5-mfdy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-wildfly-server-subsystem/CVE-2022-3916.yml | 38.3.0 |
| 2026-04-03T00:13:15.267390+00:00 | GitLab Importer | Affected by | VCID-nhe2-8dtq-gqbf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-wildfly-server-subsystem/CVE-2023-6291.yml | 38.1.0 |
| 2026-04-03T00:01:26.541623+00:00 | GitLab Importer | Affected by | VCID-dxj3-8sk5-mfdy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-wildfly-server-subsystem/CVE-2022-3916.yml | 38.1.0 |